CVE-2018-6109

CVE-2018-6109

Name

CVE-2018-6109

Description

readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Issue Tracking	https://crbug.com/710190
Vendor Advisory	https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Third Party Advisory	https://www.debian.org/security/2018/dsa-4182
Third Party Advisory	https://security.gentoo.org/glsa/201804-22
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:1195
Third Party Advisory	http://www.securityfocus.com/bid/103917

Type

URI

Issue Tracking

https://crbug.com/710190

Vendor Advisory

https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

Third Party Advisory

https://www.debian.org/security/2018/dsa-4182

Third Party Advisory

https://security.gentoo.org/glsa/201804-22

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1195