Google Chrome < 59.0.3071.115 Character Sanitization Vulnerability

medium Nessus Network Monitor Plugin ID 700343

Synopsis

The remote host is utilizing a web browser that is affected by a character sanitization issue.

Description

The version of Google Chrome installed on the remote host is prior to 59.0.3071.115, and is affected by a flaw that is triggered as it does not properly limit U+0620 characters (Arabic letter KASHMIRI YEH) before displaying them as Unicode. With a specially crafted IDN domain, a context-dependent attacker can spoof a valid URL and conduct phishing attacks.

Solution

Upgrade to Chrome version 59.0.3071.115 or later.

Plugin Details

Severity: Medium

ID: 700343

Family: Web Clients

Published: 8/23/2018

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 6/26/2017

Vulnerability Publication Date: 6/9/2017

Reference Information

CVE: CVE-2017-5090

BID: 101591

Detections

Analytics