Vulnerability CVE-2018-6109: Information
Description
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
chromium | sisyphus | 66.0.3359.117-alt1 | 125.0.6422.141-alt1 | ALT-PU-2018-1639-1 | 205409 | Fixed |
chromium | p10 | 66.0.3359.117-alt1 | 119.0.6045.159-alt0.p10.1 | ALT-PU-2018-1639-1 | 205409 | Fixed |
chromium | p9 | 66.0.3359.117-alt1 | 97.0.4692.99-alt0.p9.1 | ALT-PU-2018-1639-1 | 205409 | Fixed |
chromium | c10f1 | 66.0.3359.117-alt1 | 110.0.5481.177-alt1.p10.1 | ALT-PU-2018-1639-1 | 205409 | Fixed |
chromium | c9f2 | 66.0.3359.117-alt1 | 84.0.4147.105-alt1.1.p9 | ALT-PU-2018-1639-1 | 205409 | Fixed |
chromium | p11 | 66.0.3359.117-alt1 | 125.0.6422.141-alt1 | ALT-PU-2018-1639-1 | 205409 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html | |
GLSA-201804-22 | |
https://crbug.com/710190 | |
DSA-4182 | |
103917 | |
RHSA-2018:1195 |