CVE-2019-15684 : Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.

Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.

Published 2019-11-25 16:15:14

Updated 2020-08-24 17:37:01

Source Kaspersky Labs

View at NVD, CVE.org

Vulnerability category: Bypass

Products affected by CVE-2019-15684

Google » Chrome
Versions before (<) 30.112.62.0
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Kaspersky » Protection » Version: 20.0.543.1418 For Chrome
cpe:2.3:a:kaspersky:protection:20.0.543.1418:*:*:*:*:chrome:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-15684

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-15684

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2019-15684

https://www.symantec.com/security-center/vulnerabilities/writeup/110997

Kaspersky Protection extension for Google Chrome CVE-2019-15684 Unauthorized Access Vulnerability | Symantec
Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-15684

Products affected by CVE-2019-15684

Exploit prediction scoring system (EPSS) score for CVE-2019-15684

CVSS scores for CVE-2019-15684

References for CVE-2019-15684