Google Chrome < 13.0.782.218 Out of Date CA List

Medium Log Correlation Engine Plugin ID 800900

Synopsis

The remote host contains a web browser that uses an out of date certificate authority list.

Description

Versions of Google Chrome earlier than 13.0.782.218 use an out of date certificate authority list. Due to the issuance of several fraudulent SSL certificates, the certificate authority DigiNotar has been disabled in Google Chrome.

Solution

Upgrade to Google Chrome 13.0.782.218 or later.

See Also

googlechromereleases.blogspot.com/2011/08/stable-update.html

googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

codereview.chromium.org/7791032/diff/2001/net/base/x509_certificate.cc

Plugin Details

Severity: Medium

ID: 800900

File Name: 800900.prm

Family: Web Clients

Published: 2011/08/31

Nessus ID: 56023

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

Patch Publication Date: 2011/08/30

Vulnerability Publication Date: 2011/08/29