CVE-2018-6140

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 67.0.3396.62

Description The issue concerns the chrome.debugger API in Google Chrome's DevTools, which allowed an attacker to execute arbitrary code via a crafted Chrome Extension if they convinced a user to install it. The vulnerability exists due to insufficient input validation in the Debugger API component, potentially allowing a remote attacker to execute arbitrary code using a specially crafted Chrome Extension.

Recommendations For versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue. As a temporary workaround, consider disabling the use of the chrome.debugger API in DevTools until the update is applied. Restrict access to installing extensions to minimize the risk of exploitation. Avoid using the chrome.debugger API for attaching to Web UI pages in DevTools until the issue is resolved.