CVE-2018-6152

2018-12-04T17:29:00
ID CVE-2018-6152
Type cve
Reporter security@google.com
Modified 2019-02-05T20:39:00

Description

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.