CVE-2018-18358
Description
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
Risk Information
Base Score
5.7
MODERATE
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.112
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Google Chrome (x64) (71.0.3578.80) | Windows |
| Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) | Windows |
| Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (71.0.3578.80) | Mac |
| Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Debian) | Linux |
| Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Centos) | Linux |
| Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For RedHat) | Linux |
| Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Suse) | Linux |
| Multiple vulnerabilities fixed in Google Chrome (71.0.3578.80) (For Ubuntu) | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-313039 | Google Chrome (x64) (80.0.3987.122) |
| PATCH-313038 | Google Chrome (80.0.3987.122) |
| PATCH-609673 | Google Chrome for Mac (132.0.6834.83, 132.0.6834.84) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234