Google Chrome < 67.0.3396.79 Security Bypass

Medium Nessus Network Monitor Plugin ID 700359

Synopsis

The remote host is utilizing a web browser that is affected by a security bypass attack vector.

Description

The version of Google Chrome installed on the remote host is prior to 67.0.3396.79, and is affected by an unspecified flaw that is triggered when handling character rangers in CSP headers. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2018-6148)

Solution

Upgrade to Chrome version 67.0.3396.79 or later.

Plugin Details

Severity: Medium

ID: 700359

Family: Web Clients

Published: 2018/08/23

Updated: 2019/03/06

Dependencies: 4645

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2018/06/06

Vulnerability Publication Date: 2018/05/24

Reference Information

CVE: CVE-2018-6148

BID: 104408