Vulnerability Description
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Secure Browser | 77.1.1831.91 |
| Avg | Secure Browser | 77.0.1790.77 |
| Video Downloader Project | Video Downloader | < 1.5 |
Related Weaknesses (CWE)
References
- https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/ExploitThird Party Advisory
- https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/ExploitThird Party Advisory
FAQ
What is CVE-2019-18893?
CVE-2019-18893 is a vulnerability with a CVSS score of 6.1 (MEDIUM). XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While ...
How severe is CVE-2019-18893?
CVE-2019-18893 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18893?
Check the references section above for vendor advisories and patch information. Affected products include: Avast Secure Browser, Avg Secure Browser, Video Downloader Project Video Downloader.