CVE-2018-6109

Summary

readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeunspecified < 66.0.3359.117affected

Weaknesses

  • Inappropriate implementation

ADP Enrichment

CVE Program Container

Additional References

References