Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome_os | * | 59.0.3071.92 (excluding) | |
Chromium-browser | Ubuntu | artful | * |
Chromium-browser | Ubuntu | bionic | * |
Chromium-browser | Ubuntu | cosmic | * |
Chromium-browser | Ubuntu | devel | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | xenial | * |
Chromium-browser | Ubuntu | yakkety | * |
Chromium-browser | Ubuntu | zesty | * |
Oxide-qt | Ubuntu | artful | * |
Oxide-qt | Ubuntu | esm-infra/xenial | * |
Oxide-qt | Ubuntu | trusty | * |
Oxide-qt | Ubuntu | vivid/stable-phone-overlay | * |
Oxide-qt | Ubuntu | xenial | * |
Oxide-qt | Ubuntu | yakkety | * |
Oxide-qt | Ubuntu | zesty | * |