cnvd - cnvd-2019-01773

cnvd-2019-01773

Vulnerability from cnvd

Title: Google Chrome安全绕过漏洞（CNVD-2019-01773）

Description:

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。Devtools是其中的一个开发调试工具。

Google Chrome 68.0.3440.75之前版本中的DevTools存在安全漏洞，该漏洞源于Page.downloadBehavior后端的实现将下载的文件标记为安全。攻击者可通过诱使用户安装恶意的扩展利用该漏洞绕过安全限制，进而在系统上写入任意文件。

Severity: 中

Patch Name: Google Chrome安全绕过漏洞（CNVD-2019-01773）的补丁

Patch Description:

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。Devtools是其中的一个开发调试工具。

Google Chrome 68.0.3440.75之前版本中的DevTools存在安全漏洞，该漏洞源于Page.downloadBehavior后端的实现将下载的文件标记为安全。攻击者可通过诱使用户安装恶意的扩展利用该漏洞绕过安全限制，进而在系统上写入任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-6152 https://www.securityfocus.com/bid/104887

Impacted products

Name
Google Chrome <66.0.3359.106

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": [
      {
        "cveNumber": "CVE-2018-6152"
      },
      {
        "cveNumber": "104887"
      }
    ]
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Devtools\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u53d1\u8c03\u8bd5\u5de5\u5177\u3002\n\nGoogle Chrome 68.0.3440.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684DevTools\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ePage.downloadBehavior\u540e\u7aef\u7684\u5b9e\u73b0\u5c06\u4e0b\u8f7d\u7684\u6587\u4ef6\u6807\u8bb0\u4e3a\u5b89\u5168\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u7684\u6269\u5c55\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u8fdb\u800c\u5728\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Zhen Zhou of NSFOCUS Security Team, Omair, Natalie Silvanovich, Zhe Jin,Luyao Liu, Jun Kokatsu, evi1m0 of Bilibili, Khalil Zhani, Lnyas Zhang, Gunes Acar and Danny Y, Huang of Princeton University, Frank Li of UC Berkeley, Sam P, amazon@mimetics.ca, Mark B",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-01773",
  "openTime": "2019-01-15",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Devtools\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u53d1\u8c03\u8bd5\u5de5\u5177\u3002\r\n\r\nGoogle Chrome 68.0.3440.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684DevTools\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ePage.downloadBehavior\u540e\u7aef\u7684\u5b9e\u73b0\u5c06\u4e0b\u8f7d\u7684\u6587\u4ef6\u6807\u8bb0\u4e3a\u5b89\u5168\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u7684\u6269\u5c55\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u8fdb\u800c\u5728\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2019-01773\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c66.0.3359.106"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-6152\r\nhttps://www.securityfocus.com/bid/104887",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-05",
  "title": "Google Chrome\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2019-01773\uff09"
}

CVE-2018-6152 (GCVE-0-2018-6152)

Vulnerability from cvelistv5

Published

2018-12-04 17:00

Modified

2024-08-05 05:54

Severity ?

CWE

Insufficient policy enforcement

Summary

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

References

▼	URL	Tags
	https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html	x_refsource_CONFIRM
	https://crbug.com/805445	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:2282	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/201808-01	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2018/dsa-4256	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/104887	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Google	Chrome	Version: unspecified < 66.0.3359.117

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:54:53.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/805445"
          },
          {
            "name": "RHSA-2018:2282",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2282"
          },
          {
            "name": "GLSA-201808-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201808-01"
          },
          {
            "name": "DSA-4256",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4256"
          },
          {
            "name": "104887",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104887"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "66.0.3359.117",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T18:57:01",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/805445"
        },
        {
          "name": "RHSA-2018:2282",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2282"
        },
        {
          "name": "GLSA-201808-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201808-01"
        },
        {
          "name": "DSA-4256",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4256"
        },
        {
          "name": "104887",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104887"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-6152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "66.0.3359.117"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/805445",
              "refsource": "MISC",
              "url": "https://crbug.com/805445"
            },
            {
              "name": "RHSA-2018:2282",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2282"
            },
            {
              "name": "GLSA-201808-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201808-01"
            },
            {
              "name": "DSA-4256",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4256"
            },
            {
              "name": "104887",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104887"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-6152",
    "datePublished": "2018-12-04T17:00:00",
    "dateReserved": "2018-01-23T00:00:00",
    "dateUpdated": "2024-08-05T05:54:53.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted