Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |
Opensuse | Opensuse | 13.2 (including) | 13.2 (including) |
Enterprise_linux_desktop_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_server_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_server_supplementary | Redhat | 6.7.z (including) | 6.7.z (including) |
Enterprise_linux_workstation_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
Red Hat Enterprise Linux 6 Supplementary | RedHat | chromium-browser-0:44.0.2403.89-1.el6 | * |
Chromium-browser | Ubuntu | devel | * |
Chromium-browser | Ubuntu | precise | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | utopic | * |
Chromium-browser | Ubuntu | vivid | * |
Chromium-browser | Ubuntu | wily | * |