Design/Logic Flaw

2015-07-2300:59:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

89.7%

JSON

Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user’s previous “Always open files of this type” choice, related to download_commands.cc and download_prefs.cc.

CPENameOperatorVersion
debian_linuxeq8.0
chromele43.0.2357.134
opensuseeq13.1
opensuseeq13.2
enterprise_linux_desktop_supplementaryeq6.0
enterprise_linux_server_supplementaryeq6.0
enterprise_linux_server_supplementaryeq6.7.122
enterprise_linux_workstation_supplementaryeq6.0

Name	Operator	Version
debian_linux	eq	8.0
chrome	le	43.0.2357.134
opensuse	eq	13.1
opensuse	eq	13.2
enterprise_linux_desktop_supplementary	eq	6.0
enterprise_linux_server_supplementary	eq	6.0
enterprise_linux_server_supplementary	eq	6.7.122
enterprise_linux_workstation_supplementary	eq	6.0