Summary
Google Chrome is installed on the host and is prone to a cross-site request forgery attack.
Impact
Successful exploitation will allow remote attackers to conduct the equivalent of a persistent logout cross-site request forgery (CSRF) attack.
Impact Level: Application
Solution
Upgrade to Google Chrome version 29 or later.
For updates refer to http://www.google.com/chrome
Insight
The flaw is due to improper validation of HTTP Cookie headers for a restricted character set.
Affected
Google Chrome versions prior to 29 on Windows.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2013-6166
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)