CVE-2018-6115 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 52.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 4

Latest updateMay 14

Description

Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5google/chromeunspecified — 66.0.3359.117

▶NVDgoogle/chrome< 66.0.3359.117

🔴Vulnerability Details

GHSA

GHSA-88x6-h36j-mqgw: Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66↗2022-05-14

▶

OSV

CVE-2018-6115: Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66↗2018-12-04

▶

📋Vendor Advisories

Red Hat

chromium-browser: SmartScreen bypass in downloads↗2018-04-17

▶

💬Community

Bugzilla

CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads↗2018-04-18

▶