CVE-2018-18344

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 71.0.3578.80

Description The issue is related to the inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions, which can be exploited by a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. This can lead to unauthorized access to files in the local file system. The vulnerability is caused by a buffer overflow in memory, allowing an attacker to exploit it using a specially crafted extension.

Recommendations For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue. As a temporary workaround, consider disabling the setDownloadBehavior feature in installed extensions until a patch is applied. Restrict access to sensitive files and directories to minimize the risk of exploitation.