CVE-2018-20073: Inappropriate implementation in downloadsReported

Reference Links

• https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html (Advisory)
• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00057.html
• https://crbug.com/733943

Parent vulnerabilities

(Appears in the following advisories)

• 6268810185140219955

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2019-5754
• CVE-2019-5782
• CVE-2019-5755
• CVE-2019-5756
• CVE-2019-5757
• CVE-2019-5758
• CVE-2019-5759
• CVE-2019-5760
• CVE-2019-5761
• CVE-2019-5762
• CVE-2019-5763
• CVE-2019-5764
• CVE-2019-13768
• CVE-2019-5765
• CVE-2019-5785
• CVE-2019-5766
• CVE-2019-5767
• CVE-2019-5768
• CVE-2019-5769
• CVE-2019-5770
• CVE-2019-5771
• CVE-2019-5772
• CVE-2019-5773
• CVE-2019-5774
• CVE-2019-5775
• CVE-2019-5776
• CVE-2019-5777
• CVE-2019-5778
• CVE-2019-5779
• CVE-2019-5780
• CVE-2019-5783
• CVE-2019-5781
• CVE-2019-13684

Frequently Asked Questions

• What is the severity of CVE-2018-20073?

  CVE-2018-20073 has been rated as a moderate severity vulnerability.

• How do I fix CVE-2018-20073?

  To fix CVE-2018-20073, update Google Chrome to version 72.0.3626.81 or later.

• What impact does CVE-2018-20073 have on users?

  CVE-2018-20073 allows local attackers to read download URLs from the filesystem, which can expose sensitive information.

• Is CVE-2018-20073 exploitable remotely?

  No, CVE-2018-20073 is a local vulnerability and requires physical access to exploit.

• Which versions of Google Chrome are affected by CVE-2018-20073?

  CVE-2018-20073 affects versions of Google Chrome prior to 72.0.3626.81.