Summary
This host has the Google Chrome web browser installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Google Chrome fails to properly validate '\0' character in the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.
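The class of defect described above, shown as an added example (not Chrome's code and not part of the original advisory): a certificate name field is length-prefixed and may contain a NUL byte, so a matcher that treats it as a C string compares only the part before the NUL. The function names and the sample name are constructed for illustration, and both inputs are assumed to be already lowercased.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: name bytes as they would come out of the certificate,
   with an embedded NUL after a trusted-looking prefix. */
static const unsigned char SAMPLE_NAME[] = "www.example.com\0.other.invalid";
#define SAMPLE_LEN (sizeof(SAMPLE_NAME) - 1) /* 30 bytes, NUL included */

/* Flawed check: ignores the encoded length and relies on C-string
   semantics, so the comparison stops at the first NUL byte. */
int naive_match(const unsigned char *name, size_t len, const char *host)
{
    (void)len; /* the defect: the certificate's own length is never used */
    return strcmp((const char *)name, host) == 0;
}

/* Hardened check: rejects any name containing a NUL byte, then compares
   using the encoded length rather than a terminator. */
int strict_match(const unsigned char *name, size_t len, const char *host)
{
    if (memchr(name, '\0', len) != NULL)
        return 0; /* embedded NUL is never valid in a DNS name */
    if (strlen(host) != len)
        return 0;
    return memcmp(name, host, len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("naive:  %d\n", naive_match(SAMPLE_NAME, SAMPLE_LEN, host));
    printf("strict: %d\n", strict_match(SAMPLE_NAME, SAMPLE_LEN, host));
    return 0;
}
```

The same NUL check applies to every name field a verifier consults, not only the Common Name.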
Affected
Google Chrome version 3.0.193.21 and prior on Windows.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-3456
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P