The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 9.0 | |
chrome | lt | 66.0.3359.106 | |
enterprise_linux_desktop | eq | 6.0 | |
enterprise_linux_server | eq | 6.0 | |
enterprise_linux_workstation | eq | 6.0 |