Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a users previous Always open files of this type choice, related to download_commands.cc and download_prefs.cc.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |
Opensuse | Opensuse | 13.2 (including) | 13.2 (including) |
Enterprise_linux_desktop_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_server_supplementary | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_server_supplementary | Redhat | 6.7.z (including) | 6.7.z (including) |
Enterprise_linux_workstation_supplementary | Redhat | 6.0 (including) | 6.0 (including) |