Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
https://seclists.org/bugtraq/2019/Aug/19