Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chrome | * | 71.0.3578.80 (excluding) | |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | chromium-browser-0:71.0.3578.80-1.el6_10 | * |
| Chromium-browser | Ubuntu | bionic | * |
| Chromium-browser | Ubuntu | cosmic | * |
| Chromium-browser | Ubuntu | devel | * |
| Chromium-browser | Ubuntu | trusty | * |
| Chromium-browser | Ubuntu | upstream | * |
| Chromium-browser | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- http://www.securityfocus.com/bid/106084
- https://access.redhat.com/errata/RHSA-2018:3803
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://crbug.com/866426
- https://security.gentoo.org/glsa/201908-18
- https://www.debian.org/security/2018/dsa-4352
- http://www.securityfocus.com/bid/106084
- https://access.redhat.com/errata/RHSA-2018:3803
- https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
- https://crbug.com/866426
- https://security.gentoo.org/glsa/201908-18
- https://www.debian.org/security/2018/dsa-4352