360 security browser to fix more Chrome kernel vulnerabilities and plugging the hacking of door-vulnerability warning-the black bar safety net

2018-04-1600:00:00

佚名

www.myhack58.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

87.1%

JSON

Recently, a new version of 360 browser first to fix the Google Chrome kernel exposed a number of security vulnerabilities, of which more than half of the vulnerabilities are high-risk vulnerability that could be used for arbitrary code execution or DoS attacks. Since the 360 browser uses IE and Chrome Dual-Core, the first to repair these kernel vulnerabilities will greatly enhance their security.

This fixes CVE-2018-6031 vulnerability, for example, the vulnerability endanger the Chrome 64.0.3282.119 all previous versions. An attacker can exploit the vulnerability in the browser’s context the execution of arbitrary code, and bypass security restrictions, perform unauthorized actions. Once the cookie-based authentication credentials by an attacker steal the phone, they can use this to initiate other attacks.

360 browser product owner in an interview: the 360 company always put safety as their core advantage. The first in the industry to fix the Chrome kernel vulnerabilities, blocking hacker attacks, the majority of users will get more secure browsing experience.

! [](/Article/UploadPic/2018-4/2018416183727248. png)

[1] [2] next