Google Chrome prior 69.0.3497.81 Policy Enforcement privilege escalation – DigitalMunition




Exploit Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on June 27th, 2019 📆 | 7912 Views ⚑

0

Google Chrome prior 69.0.3497.81 Policy Enforcement privilege escalation

CVSS Meta Temp Score Current Exploit Price (≈)
4.8 $5k-$25k

A vulnerability was found in Google Chrome (Web Browser). It has been declared as critical. This vulnerability affects an unknown functionality of the component Policy Enforcement. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-269. As an impact it is known to affect confidentiality, integrity, and availability.

The bug was discovered 09/04/2018. The weakness was disclosed 06/27/2019. This vulnerability was named CVE-2018-16086 since 08/29/2018. The exploitation appears to be difficult. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 06/27/2019). It is expected to see the exploit prices for this product increasing in the near future.

The vulnerability scanner Nessus provides a plugin with the ID 117333 (Google Chrome Windows and running in the context local.

Upgrading to version 69.0.3497.81 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (117333). The entries 128858, 128860, 128861 and 128862 are pretty similar.

Type

Vendor

Name

VulDB Meta Base Score: 5.0
VulDB Meta Temp Score: 4.8

VulDB Base Score: 5.0
VulDB Temp Score: 4.8
VulDB Vector: 🔒
VulDB Reliability: 🔍


VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Privilege escalation (CWE-269)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒


Nessus ID: 117333
Nessus Name: Google Chrome Nessus File: 🔒
Nessus Risk: 🔒
Nessus Family: 🔒
Nessus Context: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: Chrome 69.0.3497.81

08/29/2018 CVE assigned
09/04/2018 +6 days Vulnerability found
09/04/2018 +0 days Countermeasure disclosed
09/06/2018 +2 days Nessus plugin released
06/27/2019 +294 days Advisory disclosed
06/27/2019 +0 days VulDB entry created
06/27/2019 +0 days VulDB last updateVendor: google.com
Product: google.com
CVE: CVE-2018-16086 (🔒)
OSVDB: – Google Chrome New Tab Page cross-site scripting

See also: 🔒

Created: 06/27/2019 09:46 PM
Complete: 🔍

Comments

No comments yet. Please log in to comment.

See the underground prices here!

https://vuldb.com/?id.136942

Free Download WordPress Themes
Download WordPress Themes Free
Download Nulled WordPress Themes
Download WordPress Themes
udemy paid course free download

Tagged with:



Leave a Reply ✍


loading...