Critical Vulnerability Information Vulnerability Description - Extensions with the "debugger" permission can inject code into file:/// origins using the Debugger API, without requiring explicit file URI access permission (the "Allow access to file URLs" checkbox). - Since the intent of this checkbox is to require more explicit user confirmation, this constitutes a security vulnerability. Affected Versions - Chrome Version: 54.0.2840.100 Stable - Operating System: Linux Reproduction Steps Severity - S2 Priority - P1 Status - Fixed Assigned To - rd...@chromium.org Reporter - ja...@google.com Related Tags - Vulnerability - FixSecurity - P1 - Security_Impact-Stable - CVE_description-submitted