cnvd - cnvd-2019-01773

CNVD-2019-01773

Vulnerability from cnvd - Published: 2019-01-15

Title

Google Chrome安全绕过漏洞（CNVD-2019-01773）

Description

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。Devtools是其中的一个开发调试工具。 Google Chrome 68.0.3440.75之前版本中的DevTools存在安全漏洞，该漏洞源于Page.downloadBehavior后端的实现将下载的文件标记为安全。攻击者可通过诱使用户安装恶意的扩展利用该漏洞绕过安全限制，进而在系统上写入任意文件。

Severity

中

Patch Name

Google Chrome安全绕过漏洞（CNVD-2019-01773）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-6152 https://www.securityfocus.com/bid/104887

Impacted products

Name
Google Chrome <66.0.3359.106

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": [
      {
        "cveNumber": "CVE-2018-6152"
      },
      {
        "cveNumber": "104887"
      }
    ]
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Devtools\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u53d1\u8c03\u8bd5\u5de5\u5177\u3002\n\nGoogle Chrome 68.0.3440.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684DevTools\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ePage.downloadBehavior\u540e\u7aef\u7684\u5b9e\u73b0\u5c06\u4e0b\u8f7d\u7684\u6587\u4ef6\u6807\u8bb0\u4e3a\u5b89\u5168\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u7684\u6269\u5c55\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u8fdb\u800c\u5728\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Zhen Zhou of NSFOCUS Security Team, Omair, Natalie Silvanovich, Zhe Jin,Luyao Liu, Jun Kokatsu, evi1m0 of Bilibili, Khalil Zhani, Lnyas Zhang, Gunes Acar and Danny Y, Huang of Princeton University, Frank Li of UC Berkeley, Sam P, amazon@mimetics.ca, Mark B",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-01773",
  "openTime": "2019-01-15",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Devtools\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u53d1\u8c03\u8bd5\u5de5\u5177\u3002\r\n\r\nGoogle Chrome 68.0.3440.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684DevTools\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ePage.downloadBehavior\u540e\u7aef\u7684\u5b9e\u73b0\u5c06\u4e0b\u8f7d\u7684\u6587\u4ef6\u6807\u8bb0\u4e3a\u5b89\u5168\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u7684\u6269\u5c55\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u8fdb\u800c\u5728\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2019-01773\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c66.0.3359.106"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-6152\r\nhttps://www.securityfocus.com/bid/104887",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-05",
  "title": "Google Chrome\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2019-01773\uff09"
}

CVE-2018-6152 (GCVE-0-2018-6152)

Vulnerability from cvelistv5 – Published: 2018-12-04 17:00 – Updated: 2024-08-05 05:54

Summary

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2018/04/sta…	x_refsource_CONFIRM
	https://crbug.com/805445	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:2282	vendor-advisoryx_refsource_REDHAT
	https://security.gentoo.org/glsa/201808-01	vendor-advisoryx_refsource_GENTOO
	https://www.debian.org/security/2018/dsa-4256	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/104887	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 66.0.3359.117 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:54:53.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/805445"
          },
          {
            "name": "RHSA-2018:2282",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2282"
          },
          {
            "name": "GLSA-201808-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201808-01"
          },
          {
            "name": "DSA-4256",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4256"
          },
          {
            "name": "104887",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104887"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "66.0.3359.117",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T18:57:01",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/805445"
        },
        {
          "name": "RHSA-2018:2282",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2282"
        },
        {
          "name": "GLSA-201808-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201808-01"
        },
        {
          "name": "DSA-4256",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4256"
        },
        {
          "name": "104887",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104887"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-6152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "66.0.3359.117"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/805445",
              "refsource": "MISC",
              "url": "https://crbug.com/805445"
            },
            {
              "name": "RHSA-2018:2282",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2282"
            },
            {
              "name": "GLSA-201808-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201808-01"
            },
            {
              "name": "DSA-4256",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4256"
            },
            {
              "name": "104887",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104887"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-6152",
    "datePublished": "2018-12-04T17:00:00",
    "dateReserved": "2018-01-23T00:00:00",
    "dateUpdated": "2024-08-05T05:54:53.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-01773

CVE-2018-6152 (GCVE-0-2018-6152)

Tags

Sightings

Nomenclature