Arbitrary Code Execution via Omitted .desktop Filetype in SafeBrowsing Checklist

Arbitrary Code Execution via Omitted .desktop Filetype in SafeBrowsing Checklist

CVE-2019-5774 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

Learn more about our Cis Benchmark Audit For Desktop Software.