Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.