Summary
The host has Google Chrome installed and is prone to a cross-site request forgery attack.
Impact
Successful exploitation will allow remote attackers to conduct the equivalent of a persistent Logout cross-site request forgery (CSRF) attack.
Impact Level: Application
Solution
Upgrade to Google Chrome version 29 or later.
For updates, refer to http://www.google.com/chrome
Insight
The flaw is due to improper validation of HTTP Cookie headers for a restricted character set.
Affected
Google Chrome versions prior to 29 on Mac OS X.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2013-6166
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P