Google · Google Chrome · CVE-2018-17477
**Name of the Vulnerable Software and Affected Versions**
Google Chrome versions prior to 70.0.3538.67
**Description**
The issue is related to incorrect dialog placement in the Extensions section of Google Chrome, allowing a remote attacker to spoof the contents of extension popups via a crafted HTML page. This is due to insufficient input validation, which can be exploited by a remote attacker to tamper with the user interface in the Extensions tab using a specially crafted HTML page.
**Recommendations**
For versions prior to 70.0.3538.67, update to version 70.0.3538.67 or later to resolve the issue.