Google Chrome < 0.3.154.9 Address Spoofing

Medium Log Correlation Engine Plugin ID 800926

Synopsis

The remote host contains a web browser that is affected by an address spoofing vulnerability.

Description

The version of Google Chrome installed on the remote host is earlier than 0.3.154.9. Such versions are reportedly are affected by an address spoofing vulnerability in pop-ups. An attacker can leverage this issue to manipulate a window's address bar to show a different address than the actual origin of the content.

Solution

Upgrade to version 0.3.154.9 or higher.

See Also

googlechromereleases.blogspot.com/2008/10/beta-release-031549.html

http://.securityfocus.com/archive/1/498232/30/0/threaded

Plugin Details

Severity: Medium

ID: 800926

File Name: 800926.prm

Family: Web Clients

Nessus ID: 34742

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Reference Information

BID: 32258