Dominik Weber

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 66.0.3359.117 Opera (affected versions not specified) **Description** The issue allows a remote attacker to access data on the user's file system without explicit consent via a crafted HTML page. This is due to the `readAsText()` function being able to indefinitely read the file picked by the user, rather than only once at the time the file is picked in the File API. **Recommendations** For Google Chrome versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.