← Back

CVE-2018-6075

nvd nist
Published: Nov 14, 2018Modified: Jun 17, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.

Affected (5)

Google
1 product
Chrome
Redhat
3 products
Linux Desktop
Linux Server
Linux Workstation
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Chrome
Before 65.0.3325.146
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Linux Desktop
Version 6.0
Linux Server
Version 6.0
Linux Workstation
Version 6.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: chrome-cve-admin@google.com
Source: chrome-cve-admin@google.com
Source: chrome-cve-admin@google.com
Source: chrome-cve-admin@google.com
Source: chrome-cve-admin@google.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.