CVE-2018-6109
Description
In the File API in Google Chrome prior to 66.0.3359.117, readAsText() could read the file picked by the user indefinitely, rather than only once at the time the file was picked. This allowed a remote attacker to access data on the user's file system without explicit consent via a crafted HTML page.
Risk Information
Base Score: 6.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.797
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Updates for Google Chrome (x64) (66.0.3359.117) | Windows |
| Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) | Windows |
| Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (66.0.3359.117) | Mac |
| Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Debian) | Linux |
| Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Centos) | Linux |
| Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For RedHat) | Linux |
| Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Suse) | Linux |
| Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Ubuntu) | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-313039 | Google Chrome (x64) (80.0.3987.122) |
| PATCH-609673 | Google Chrome for Mac (132.0.6834.83, 132.0.6834.84) |