Insufficient Policy Enforcement Vulnerability in Google Chrome Browser by Google
CVE-2017-15393

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 62.0.3202.62
Vendor
CVE Published:
7 February 2018

Summary

A vulnerability in Google Chrome's remote debugging feature could allow an attacker to exploit insufficient policy enforcement. By crafting a malicious HTML page, an attacker may gain unauthorized access to remote debugging functionalities, potentially leading to sensitive data exposure through Referer leaks. This incident emphasizes the need for robust security practices to safeguard against remote exploitation.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

http://www.securityfocus.com/bid/101482
vdb-entryx_refsource_BID
https://crbug.com/732751
x_refsource_MISC
https://chromereleases.googleblog.com/2017/10/stable-chan...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.