CVE-2018-16081
chromium-browser: Local file access in DevTools
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.
Permitir que la API chrome.debugger se ejecutase en las URL file:// en DevTools en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante que hubiese convencido a un usuario para que instale una extensión maliciosa accediese a archivos en el sistema de archivos local sin permisos de acceso a archivos mediante una extensión de Chrome manipulada.
Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-29 CVE Reserved
- 2018-09-09 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105215 | Vdb Entry | |
| https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html | X_refsource_confirm | |
| https://crbug.com/666299 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2666 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201811-10 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2018-16081 | 2018-09-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1625484 | 2018-09-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 69.0.3497.81 Search vendor "Google" for product "Chrome" and version " < 69.0.3497.81" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||