Security Advisory

CVE-2018-6152

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-12-04 17:00:00

Last updated 2024-08-05 05:54:53

Assigner Chrome

State PUBLISHED

Description

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

← Browse all CVEs View on cve.org ↗