EPSS
Percentile
64.8%
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
bugzilla.redhat.com/show_bug.cgi?id=1626286
www.cve.org/CVERecord?id=CVE-2018-16088 https://nvd.nist.gov/vuln/detail/CVE-2018-16088 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html