
Google Chrome Secure Cookie Security Bypass Vulnerability (Mac OS X) CVE-2008-7294

Severity: Not available
CVSSv3 Score: Not available
Vulnerability description

Google Chrome is prone to a security bypass vulnerability.

Risk description

The flaw is due to improper restrictions on modifications to cookies established in HTTPS sessions, i.e., the lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response. Successful exploitation will allow attackers to overwrite or delete arbitrary cookies by sending a specially crafted HTTP response through a man-in-the-middle attack.

Recommendation

Upgrade to Google Chrome 4.0.211.0 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 9, 2011
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available