Google Chrome Cross-Site Request Forgery (CSRF) Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to cross-site request forgery attack.

Impact

Successful exploitation will allow remote attackers to conduct the equivalent of a persistent Logout cross-site request forgery (CSRF) attack. Impact Level: Application

Solution

Upgrade to Google Chrome version 29 or later, For updates refer to http://www.google.com/chrome

Insight

The flaw is due to improper validation of 'HTTP Cookie headers' for restricted character-set.

Affected

Google Chrome version prior to 29 on Linux.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://seclists.org/oss-sec/2013/q4/117
http://www.openwall.com/lists/oss-security/2013/04/03/10
https://code.google.com/p/chromium/issues/detail?id=238041

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6166

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
Aardvark Topsites Multiple Vulnerabilities
Apache /server-status accessible
Apache Tomcat AJP Request Remote Denial Of Service Vulnerability

Take action and discover your vulnerabilities