Design/Logic Flaw

2023-08-0908:15:00

PRIOn knowledge base

www.prio-n.com

chrome

web browser

session

access

vulnerability

logic flaw

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user’s session.

CPENameOperatorVersion
cmclt22.6.2
guardianlt22.6.2

CPE	Name	Operator	Version
	cmc	lt	22.6.2
	guardian	lt	22.6.2

References

security.nozominetworks.com/NN-2023:8-01