Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
2019-02-19T17:29:02.050
2024-11-21T04:45:28.747
Modified
CVSSv3.0: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | chrome | < 72.0.3626.81 | Yes | |
Operating System | apple | macos | - | No |
Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | fedoraproject | fedora | 29 | Yes |
Operating System | fedoraproject | fedora | 30 | Yes |