以下是能从这个网页截图中获取到的关键信息: Summary of the Findings Video Downloader Extension Vulnerability: - The exploit introduced via the Video Downloader extension allowed any website to inject and execute JavaScript in the extension's context, making it possible for the site to control the browser, access vaulted data, spy on the user, or modify content. - Known vulnerabilities in this context are CVE-2019-18893 and CVE-2019-18894. The first issue mentioned above (CVE-2019-18893) was fixed in version 1.5 while CVE-2019-18894 remains unresolved at the time of writing. Local Command Injection: - JavaScript with access to local intercommunication could communicate with the local browser. Through that, a vulnerability existed in the feature's command line that allowed the injection of arbitrary command line flags. - Possible missteps could grant full control over Avast Secure Browser while it’s in and execute local applications with user privileges. Analysis and Technical Details Key Technical Causes The extension manifested itself with in its . It made use of a flexible jQuery call with a wrong MIME type and a questionable value with unneeded permissions. Remediations and Mitigations Ensure Avast Secure Browser is up to date with patched software releases.