CVE-2015-1274

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 44.0.2403.89

Description The issue is related to errors in security settings, allowing remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice. This is connected to download commands.cc and download prefs.cc. The exploitation of this issue can enable remote attackers to run arbitrary code using a specially formed file.

Recommendations For versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. As a temporary workaround, consider restricting the auto-open list to omit all dangerous file types until a patch is available. Avoid using the "Always open files of this type" option for potentially dangerous file types in the affected versions.