Description
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4243
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html
Issue Tracking x_refsource_misc
https://crbug.com/777215
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201908-08
Scores
CVSS v3
7.8
EPSS
0.0088
EPSS Percentile
54.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-93
Status
published
Products (1)
google/chrome_os
< 62.0.3202.74
Published
Feb 07, 2018
Tracked Since
Feb 18, 2026