PT-2014-3033 · Google · Google Chrome
Published
2014-02-15
·
Updated
2014-02-18
·
CVE-2013-6166
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 29
Description
The issue allows remote attackers to conduct a persistent Logout CSRF attack by sending HTTP Cookie headers without proper validation of required character-set restrictions. This can be achieved via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Recommendations
For versions prior to 29, update to version 29 or later to resolve the issue.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome