#VU14047 Privilege escalation in Google Chrome - CVE-2018-6176


Vulnerability identifier: #VU14047

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6176

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description
The vulnerability allows a local atacaker to gain elevated privileges on the target system.

The weakness exists due to unspecified flaw. A local attacker can use specially crafted extensions and gain elevated privileges in Extensions to conduct further attacks.

Mitigation
Update to version 68.0.3440.75.

Vulnerable software versions

Google Chrome: 65.0.3325.162 - 67.0.3396.99

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1608211

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for Chromium, Google Chrome
Fedora EPEL 7 update for chromium
Fedora 28 update for chromium
Fedora 27 update for chromium
Red Hat update for Google Chrome
OpenSUSE Linux update for Chromium
SUSE Linux update for chromium
Debian update for chromium-browser
Multiple vulnerabilities in Google Chrome