VYPR
Medium severity6.1NVD Advisory· Published Jan 9, 2019· Updated Jun 17, 2026

CVE-2018-20071

CVE-2018-20071

Description

Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.

Affected products

2
  • Google/Chromellm-fuzzy2 versions
    <70.0.3538.67+ 1 more
    • (no CPE)range: <70.0.3538.67
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.