9.6

CVE-2018-6152

EPSS 0.9%
Veröffentlicht 04.12.2018 17:29:02
Zuletzt bearbeitet 21.11.2024 04:10:10
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 66.0.3359.106

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.748

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.6	2.8	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://www.securityfocus.com/bid/104887

https://access.redhat.com/errata/RHSA-2018:2282

https://security.gentoo.org/glsa/201808-01

https://www.debian.org/security/2018/dsa-4256

https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

https://crbug.com/805445

https://nvd.nist.gov/vuln/detail/CVE-2018-6152

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-6152

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-6152

EUVD