2 matches found
CVE-2019-18893
CVE-2019-18893 involves an XSS flaw in the Video Downloader component (pre-1.5) of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77. The vulnerability lets an attacker’s website execute code in the context of this component. Although Video Downloader is a browser extension, i...
CVE-2019-17190
CVE-2019-17190 affects Avast Secure Browser 76.0.1659.101. The issue is an insecure ACL on Update.ini in %PROGRAMDATA%\Avast Software\Browser\Update, altered by AvastBrowserUpdate.exe running as NT AUTHORITY\SYSTEM during update checks. A low-privileged user can create a hard link Update.ini to a...