CVE-2020-7645

Name of the Vulnerable Software and Affected Versions chrome-launcher versions prior to 0.13.2

Description The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands by controlling the $HOME environment variable in Linux operating systems.

Recommendations For versions prior to 0.13.2, update to version 0.13.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the $HOME environment variable to minimize the risk of exploitation.