Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-18349

Опубликовано: 11 дек. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.5

Описание

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

РелизСтатусПримечание
bionic

released

71.0.3578.80-0ubuntu0.18.04.1
cosmic

released

71.0.3578.80-0ubuntu0.18.10.1
devel

released

71.0.3578.80-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [no longer updated]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [no longer updated]
upstream

released

71.0.3578.80
xenial

released

71.0.3578.80-0ubuntu0.16.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 66%
0.00511
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-18349

CVSS3: 6.5
redhat
около 7 лет назад

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

nvd логотип

CVE-2018-18349

CVSS3: 6.5
nvd
около 7 лет назад

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

debian логотип

CVE-2018-18349

CVSS3: 6.5
debian
около 7 лет назад

Remote frame navigations was incorrectly permitted to local resources ...

github логотип

GHSA-3377-vrhc-fxf7

CVSS3: 6.5
github
больше 3 лет назад

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

fstec логотип

BDU:2019-01247

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость браузера Google Chrome, связанная с ошибками управления правами, привилегиями и контролем доступа, позволяющая нарушителю получить доступ к файлам в локальной файловой системе с помощью специально созданного расширения

EPSS

Процентиль: 66%
0.00511
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3