CVE-2018-6152 — Unrestricted File Upload in Google Chrome

CWE-434 — Unrestricted File Upload8 documents6 sources

Severity

9.6CRITICALNVD

EPSS

0.9%

top 24.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedDec 4

Latest updateMay 14

Description

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages5 packages

▶CVEListV5google/chromeunspecified — 66.0.3359.117

▶NVDgoogle/chrome< 66.0.3359.106

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-gj69-jhg9-8m88: The implementation of the Page↗2022-05-14

▶

OSV

CVE-2018-6152: The implementation of the Page↗2018-12-04

▶

CVEList

CVE-2018-6152: The implementation of the Page↗2018-12-04

▶

📋Vendor Advisories

Red Hat

chromium-browser: Local file write in DevTools↗2018-07-24

▶

💬Community

Bugzilla

CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-↗2018-07-25

▶

Bugzilla

CVE-2018-6152 chromium-browser: Local file write in DevTools↗2018-07-25

▶

Bugzilla

▶