In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded binary file, replacing it with a malicious one.

## Recommendation

Update to version 2.26.1 or later.

Affected Packages

npm chromedriver

Affected versions: 0 (fixed in 2.26.1)

Related CVEs

CVE-2016-10579

Key Information

GHSA ID

GHSA-jh5w-6964-x5cf

Published

February 18, 2019 11:58 PM

Last Modified

August 31, 2020 6:12 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

chromedriver

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.