Remote Code Execution via Crafted Chrome Extension in Google Chrome

Remote Code Execution via Crafted Chrome Extension in Google Chrome

CVE-2018-6033 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.

Learn more about our Cis Benchmark Audit For Google Chrome.