Lucene search
Copyright (C) 2009 Greenbone AGOPENVAS:1361412562310800223HistoryFeb 04, 2009 - 12:00 a.m.
Google Chrome Clickjacking Vulnerability
2009-02-0400:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
13
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
90.0%
Google Chrome is prone to clickjacking vulnerability.
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.800223");
script_version("2023-07-27T05:05:08+0000");
script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
script_tag(name:"creation_date", value:"2009-02-04 15:43:54 +0100 (Wed, 04 Feb 2009)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_cve_id("CVE-2009-0374");
script_name("Google Chrome Clickjacking Vulnerability");
script_xref(name:"URL", value:"http://www.milw0rm.com/exploits/7903");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/archive/1/500533/100/0/threaded");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/archive/1/500499/100/0/threaded");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"executable_version");
script_copyright("Copyright (C) 2009 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_google_chrome_detect_portable_win.nasl");
script_mandatory_keys("GoogleChrome/Win/Ver");
script_tag(name:"impact", value:"Successful exploitation will let the attacker execute arbitrary codes in
the context of the web browser and can gain sensitive information of the
remote user through the crafted URL through arbitrary scripts.");
script_tag(name:"affected", value:"Google Chrome version 1.0.154.43 and prior.");
script_tag(name:"insight", value:"Clickjacking attack vector which hides the destination authentic URL and
places arbitrary malicious URL which is being displayed in the user's
browser.");
script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.");
script_tag(name:"summary", value:"Google Chrome is prone to clickjacking vulnerability.");
script_tag(name:"solution_type", value:"WillNotFix");
script_xref(name:"URL", value:"http://googlechromereleases.blogspot.com");
exit(0);
}
include("version_func.inc");
chromeVer = get_kb_item("GoogleChrome/Win/Ver");
if(!chromeVer){
exit(0);
}
if(version_is_less_equal(version:chromeVer, test_version:"1.0.154.43")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
exit(0);
}
exit(99);
Related
debiancve
debiancve
CVE-2009-0374
2009-01-30 21:30:00
cvelist
cvelist
CVE-2009-0374
2009-01-30 21:00:00
cve
cve
CVE-2009-0374
2009-01-30 21:30:00
openvas
openvas
Google Chrome Clickjacking Vulnerability
2009-02-04 00:00:00
prion
prion
Spoofing
2009-01-30 21:30:00
nvd
nvd
CVE-2009-0374
2009-01-30 21:30:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
90.0%
Related for OPENVAS:1361412562310800223