4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
90.0%
Google Chrome is prone to a clickjacking vulnerability.
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Registration block: when the scanner evaluates the script with "description"
# set, only the metadata below is recorded and the script leaves through the
# exit(0) at the end of the block, before any check runs.
if(description)
{
# Identifier of this test and the timestamps of its revisions.
script_oid("1.3.6.1.4.1.25623.1.0.800223");
script_version("2023-07-27T05:05:08+0000");
script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
script_tag(name:"creation_date", value:"2009-02-04 15:43:54 +0100 (Wed, 04 Feb 2009)");
# Severity as registered here: CVSS v2 base score 4.3; the vector rates only
# integrity as affected (C:N/I:P/A:N).
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_cve_id("CVE-2009-0374");
script_name("Google Chrome Clickjacking Vulnerability");
# NOTE(review): the references in this block are plain-http links dating from
# 2009 - confirm they still resolve, or point to archived copies.
script_xref(name:"URL", value:"http://www.milw0rm.com/exploits/7903");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/archive/1/500533/100/0/threaded");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/archive/1/500499/100/0/threaded");
# Registered as an information-gathering check. The qod_type says the verdict
# comes from a detected executable version, so a hit is a version match
# rather than a demonstrated flaw.
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"executable_version");
script_copyright("Copyright (C) 2009 Greenbone AG");
script_family("Web application abuses");
# The check needs the KB entry GoogleChrome/Win/Ver; presumably the detection
# script named in script_dependencies writes it (not visible here - confirm).
script_dependencies("gb_google_chrome_detect_portable_win.nasl");
script_mandatory_keys("GoogleChrome/Win/Ver");
# NOTE(review): the impact text speaks of arbitrary code execution and of
# gaining sensitive information, while the vector registered above is
# C:N/I:P/A:N (integrity only). Reconcile the wording with the CVE record
# before using it to prioritise findings.
script_tag(name:"impact", value:"Successful exploitation will let the attacker execute arbitrary codes in
the context of the web browser and can gain sensitive information of the
remote user through the crafted URL through arbitrary scripts.");
script_tag(name:"affected", value:"Google Chrome version 1.0.154.43 and prior.");
script_tag(name:"insight", value:"Clickjacking attack vector which hides the destination authentic URL and
places arbitrary malicious URL which is being displayed in the user's
browser.");
# solution_type is WillNotFix: no fix is recorded for the affected range, so
# remediation means moving off those builds. The version check in this file
# flags nothing newer than 1.0.154.43.
script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.");
script_tag(name:"summary", value:"Google Chrome is prone to clickjacking vulnerability.");
script_tag(name:"solution_type", value:"WillNotFix");
script_xref(name:"URL", value:"http://googlechromereleases.blogspot.com");
exit(0);
}
include("version_func.inc");
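# Detection logic. Nothing is sent to the target here: the decision rests
# entirely on the Chrome version string read from the knowledge base
# (presumably stored by the detection script listed in script_dependencies).
chromeVer = get_kb_item("GoogleChrome/Win/Ver");
if(!chromeVer){
  # No version recorded, so there is nothing to evaluate.
  exit(0);
}

# 1.0.154.43 is the last release named in the "affected" tag.
if(version_is_less_equal(version:chromeVer, test_version:"1.0.154.43")){
  # Report the detected version instead of a fixed sentence, so the finding
  # can be verified against the host and stale KB data is easy to spot.
  # fixed_version mirrors the solution_type registered for this test.
  report = report_fixed_ver(installed_version:chromeVer, fixed_version:"WillNotFix");
  security_message(port:0, data:report);
  exit(0);
}

# The check ran and the installed version is outside the affected range.
exit(99);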