Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-16081

Опубликовано: 09 янв. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3
CVSS3: 7.4

Описание

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.

РелизСтатусПримечание
bionic

released

69.0.3497.81-0ubuntu0.18.04.1
cosmic

released

69.0.3497.81-0ubuntu1
devel

released

69.0.3497.81-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [no longer updated]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [no longer updated]
upstream

released

69.0.3497.81
xenial

released

69.0.3497.81-0ubuntu0.16.04.1

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [Ubuntu touch end-of-life]]
esm-infra/xenial

ignored

Ubuntu touch end-of-life
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [Ubuntu touch end-of-life]
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-16081

CVSS3: 6.5
redhat
больше 7 лет назад

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.

nvd логотип

CVE-2018-16081

CVSS3: 7.4
nvd
около 7 лет назад

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.

debian логотип

CVE-2018-16081

CVSS3: 7.4
debian
около 7 лет назад

Allowing the chrome.debugger API to run on file:// URLs in DevTools in ...

github логотип

GHSA-h5rc-j9f7-wmr8

CVSS3: 7.4
github
больше 3 лет назад

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.

fstec логотип

BDU:2019-04342

CVSS3: 7.4
fstec
больше 7 лет назад

Уязвимость набора инструментов DevTools браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к локальным файлам

4.3 Medium

CVSS2

7.4 High

CVSS3