CVE-2018-6109 — Sensitive Information Exposure in Google Chrome
Severity
6.5 MEDIUM (NVD)
EPSS
0.8%
top 25.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 9
Latest update: May 14
Description
In the File API in Google Chrome prior to 66.0.3359.117, readAsText() could read the file picked by the user indefinitely, rather than only once at the time the file is picked. This allowed a remote attacker to access data on the user's file system without explicit consent via a crafted HTML page.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 5 packages
Also affects: Debian Linux 8.0, 9.0
Vulnerability Details (3)
GHSA
GHSA-pcp9-rq8r-pwrj: readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prio… (2022-05-14)
CVEList
CVE-2018-6109: readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prio… (2019-01-09)
OSV
CVE-2018-6109: readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prio… (2019-01-09)
Vendor Advisories (1)
Community (3)
Bugzilla
CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-… (2018-04-18)