chrome-launcher prior to 0.13.2 is subject to OS Command Injection via the $HOME
environment variable in Linux operating systems. This issue is patched in version 0.13.2.
{ "github_reviewed": true, "github_reviewed_at": "2023-02-10T19:46:54Z", "nvd_published_at": "2020-05-02T16:15:00Z", "cwe_ids": [ "CWE-78" ], "severity": "CRITICAL" }