Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Chrome DevTools 安全漏洞
Vulnerability Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Devtools是其中的一个开发调试工具。 Google Chrome 68.0.3440.75之前版本中的DevTools存在安全漏洞,该漏洞源于Page.downloadBehavior后端的实现将下载的文件标记为安全。攻击者可通过诱使用户安装恶意的扩展利用该漏洞绕过安全限制,进而在系统上写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A