PT-2018-4757 · Google · Chromedriver

Published

2018-06-01

Updated

2019-10-09

CVE-2016-10579

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chromedriver versions prior to 2.26.1

Description The issue allows for a man-in-the-middle (MITM) attack due to the insecure download of binary resources over HTTP. This could potentially lead to remote code execution (RCE) if an attacker intercepts and modifies the downloaded binary, replacing it with a malicious one. An attacker with a privileged network position can modify or read resources at will, which may result in arbitrary code execution.

Recommendations Update to version 2.26.1 or later.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-310

Related Identifiers

CVE-2016-10579

GHSA-JH5W-6964-X5CF

Affected Products

Chromedriver

PT-2018-4757 · Google · Chromedriver

CVE-2016-10579

Weakness Enumeration

Related Identifiers

Affected Products

References · 9