CVE 2018-6084
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
See the 
CVE page on Mitre.org
for more details.
