CVE-2018-6176Improper Input Validation in Google Chrome

CWE-20Improper Input Validation5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 75.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJun 27
Latest updateMay 24

Description

Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5google/chromeunspecified68.0.3440.75
NVDgoogle/chrome< 68.0.3440.75

🔴Vulnerability Details

2
GHSA
GHSA-9q7g-q6v6-xppx: Insufficient file type enforcement in Extensions API in Google Chrome prior to 682022-05-24
OSV
CVE-2018-6176: Insufficient file type enforcement in Extensions API in Google Chrome prior to 682019-06-27

📋Vendor Advisories

1
Red Hat
chromium-browser: Local user privilege escalation in Extensions2018-07-24

💬Community

1
Bugzilla
CVE-2018-6176 chromium-browser: Local user privilege escalation in Extensions2018-07-25