Arbitrary Code Execution via Malicious Chrome Extension in Google Chrome (CVE-2018-6148)
CVE-2018-6140 · HIGH Severity
AV:N/AC:M/AU:N/C:C/I:C/A:C
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Learn more about our Cis Benchmark Audit For Google Chrome.