Launchpad.net

CVE 2017-5084

Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.

See the CVE page on Mitre.org for more details.