Google Chrome < 67.0.3396.79 Security Bypass

medium Nessus Network Monitor Plugin ID 700359

Synopsis

The remote host is utilizing a web browser that is affected by a security bypass attack vector.

Description

The version of Google Chrome installed on the remote host is prior to 67.0.3396.79, and is affected by an unspecified flaw that is triggered when handling character rangers in CSP headers. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2018-6148)

Solution

Upgrade to Chrome version 67.0.3396.79 or later.

Plugin Details

Severity: Medium

ID: 700359

Family: Web Clients

Published: 8/23/2018

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 6/6/2018

Vulnerability Publication Date: 5/24/2018

Reference Information

CVE: CVE-2018-6148

BID: 104408

Detections

Analytics