{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"lessThan": "68.0.3440.75", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension."}], "problemTypes": [{"descriptions": [{"description": "Insufficient policy enforcement", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-27T16:13:43.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/666824"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2018-6176", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_affected": "<", "version_value": "68.0.3440.75"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient policy enforcement"}]}]}, "references": {"reference_data": [{"name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"}, {"name": "https://crbug.com/666824", "refsource": "MISC", "url": "https://crbug.com/666824"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:54:53.298Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/666824"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2018-6176", "datePublished": "2019-06-27T16:13:43.000Z", "dateReserved": "2018-01-23T00:00:00.000Z", "dateUpdated": "2024-08-05T05:54:53.298Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBE6E6EC-3F0E-4FAD-9EC6-16742B562589", "versionEndExcluding": "68.0.3440.75", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension."}, {"lang": "es", "value": "La aplicaci\u00f3n insuficiente del tipo de archivo en la API de Extensions en Google Chrome antes de 68.0.3440.75 permiti\u00f3 que un atacante remoto que hab\u00eda comprometido el proceso del renderizador realizara una escalada de privilegios a trav\u00e9s de una extensi\u00f3n de Chrome dise\u00f1ada."}], "id": "CVE-2018-6176", "lastModified": "2024-11-21T04:10:13.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-27T17:15:13.490", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/666824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/666824"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:2282", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:68.0.3440.75-1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2018-07-30T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: Local user privilege escalation in Extensions", "id": "1608200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608200"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "details": ["Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension."], "name": "CVE-2018-6176", "public_date": "2018-07-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-6176\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6176\nhttps://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"], "threat_severity": "Moderate"}

{}