PT-2018-3273 · Google+3 · Google Chrome+3

93M4Qau783

·

Publicado

2018-07-24

·

Atualizado

2024-06-15

·

CVE-2018-6179

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 68.0.3440.75
Description The issue is related to insufficient enforcement of file access permissions in Google Chrome, specifically in the activeTab case in Extensions. This could allow a remote attacker, who has convinced a user to install a malicious extension, to access local files via a crafted Chrome Extension.
Recommendations For versions prior to 68.0.3440.75, update to version 68.0.3440.75 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources to minimize the risk of exploitation.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2018-2278
BDU:2019-04469
CVE-2018-6179
DSA-4256-1
MGASA-2018-0343
OPENSUSE-SU-2018_2134-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2018:2282
RHSA-2018_2282

Produtos afetados

Alt Linux
Google Chrome
Red Hat
Suse