CVE-2018-6152
Publication date 4 December 2018
Last updated 24 July 2024
Ubuntu priority
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 68.0.3440.75-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 68.0.3440.75-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.6 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |