CVE-2018-6103

Name

CVE-2018-6103

Description

A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Issue Tracking	https://crbug.com/816033
Release Notes	https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Third Party Advisory	https://www.debian.org/security/2018/dsa-4182
Third Party Advisory	https://security.gentoo.org/glsa/201804-22
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:1195
Third Party Advisory	http://www.securityfocus.com/bid/103917

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:redhat:linux_server:6.0:::::::*`	linux_server	== None	== 6.0
`cpe:2.3:o:redhat:linux_workstation:6.0:::::::*`	linux_workstation	== None	== 6.0
`cpe:2.3:o:redhat:linux_desktop:6.0:::::::*`	linux_desktop	== None	== 6.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status