Описание
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 75.0.3770.142-0ubuntu0.18.04.1 |
| cosmic | ignored | end of life |
| devel | not-affected | 75.0.3770.80-0ubuntu1~snap1 |
| disco | released | 75.0.3770.142-0ubuntu0.19.04.1 |
| eoan | not-affected | 75.0.3770.80-0ubuntu1~snap1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 75.0.3770.80 |
Показывать по
EPSS
4.3 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
Insufficient policy enforcement in extensions API in Google Chrome pri ...
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
Уязвимость компонента API расширений веб-браузера Google Chrome, позволяющая нарушителю установить вредоносное расширение
EPSS
4.3 Medium
CVSS2
4.3 Medium
CVSS3