Arbitrary Code Execution via Malicious Chrome Extension in Google Chrome (CVE-2018-6148)

Arbitrary Code Execution via Malicious Chrome Extension in Google Chrome (CVE-2018-6148)

CVE-2018-6140 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

Learn more about our Cis Benchmark Audit For Google Chrome.