Google Chrome < 0.3.154.9 Address Spoofing

Medium Nessus Network Monitor Plugin ID 4748

Synopsis

The remote host contains a web browser that is affected by an address spoofing vulnerability.

Description

The version of Google Chrome installed on the remote host is earlier than 0.3.154.9. Such versions are reportedly are affected by an address spoofing vulnerability in pop-ups. An attacker can leverage this issue to manipulate a window's address bar to show a different address than the actual origin of the content.

Solution

Upgrade to version 0.3.154.9 or higher.

See Also

http://googlechromereleases.blogspot.com/2008/10/beta-release-031549.html

http://www.securityfocus.com/archive/1/498232/30/0/threaded

Plugin Details

Severity: Medium

ID: 4748

File Name: 4748.prm

Family: Web Clients

Published: 2008/11/12

Modified: 2016/11/23

Dependencies: 4645

Nessus ID: 34742

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

BID: 32258