Insecure Access to Local File System via Chrome Extension in Google Chrome prior to 71.0.3578.80

Insecure Access to Local File System via Chrome Extension in Google Chrome prior to 71.0.3578.80

CVE-2018-18344 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.

Learn more about our Cis Benchmark Audit For Google Chrome.