CVE-2018-16088

Summary

A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeunspecified < 69.0.3497.81affected

Weaknesses

  • Policy bypass

ADP Enrichment

CVE Program Container

Additional References

References