cvedb.io
CVE-2018-6109
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2019-01-09T19:29:08.353 · Last modified 2026-06-17T02:01:20.760

Summary

readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.

Affected products

google — chrome

Does this affect you?

Add your gear to cvedb and we'll alert you only when google ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.