CVE-2018-6152

Summary

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeunspecified < 66.0.3359.117affected

Weaknesses

  • Insufficient policy enforcement

ADP Enrichment

CVE Program Container

Additional References

References