CVE-2018-16084 — Cross-site Scripting in Google Chrome

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedJan 9

Latest updateMay 14

Description

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5google/chromeunspecified — 69.0.3497.81

▶NVDgoogle/chrome< 69.0.3497.81

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

🔴Vulnerability Details

GHSA

GHSA-g528-7mm4-xf22: The default selected dialog button in CustomHandlers in Google Chrome prior to 69↗2022-05-14

▶

OSV

CVE-2018-16084: The default selected dialog button in CustomHandlers in Google Chrome prior to 69↗2019-01-09

▶

CVEList

CVE-2018-16084: The default selected dialog button in CustomHandlers in Google Chrome prior to 69↗2019-01-09

▶

📋Vendor Advisories

Red Hat

chromium-browser: User confirmation bypass in external protocol handling↗2018-09-04

▶

💬Community

Bugzilla

CVE-2018-16084 chromium-browser: User confirmation bypass in external protocol handling↗2018-09-05

▶