Google Chrome prior 69.0.3497.81 Policy Enforcement privilege escalation
| CVSS Meta Temp Score | Current Exploit Price (β) |
|---|---|
| 4.8 | $5k-$25k |
A vulnerability was found in Google Chrome (Web Browser). It has been declared as critical. This vulnerability affects an unknown functionality of the component Policy Enforcement. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-269. As an impact it is known to affect confidentiality, integrity, and availability.
The bug was discovered 09/04/2018. The weakness was disclosed 06/27/2019. This vulnerability was named CVE-2018-16086 since 08/29/2018. The exploitation appears to be difficult. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 06/27/2019). It is expected to see the exploit prices for this product increasing in the near future.
The vulnerability scanner Nessus provides a plugin with the ID 117333 (Google Chrome Windows and running in the context local.
Upgrading to version 69.0.3497.81 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (117333). The entries 128858, 128860, 128861 and 128862 are pretty similar.
Type
Vendor
Name
VulDB Meta Base Score: 5.0
VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.0
VulDB Temp Score: 4.8
VulDB Vector: π
VulDB Reliability: π
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| π | π | π | π | π | π |
| π | π | π | π | π | π |
| π | π | π | π | π | π |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Privilege escalation (CWE-269)
Local: No
Remote: Yes
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 117333
Nessus Name: Google Chrome Nessus File: π
Nessus Risk: π
Nessus Family: π
Nessus Context: π
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: Upgrade
Status: π
0-Day Time: π
Upgrade: Chrome 69.0.3497.81
08/29/2018 CVE assigned
09/04/2018 Vulnerability found
09/04/2018 Countermeasure disclosed
09/06/2018 Nessus plugin released
06/27/2019 Advisory disclosed
06/27/2019 VulDB entry created
06/27/2019 VulDB last updateVendor: google.com
Product: google.com
CVE: CVE-2018-16086 (π)
OSVDB: - Google Chrome New Tab Page cross-site scripting
See also: π
Created: 06/27/2019 09:46 PM
Complete: π
Comments
See the underground prices here!
https://vuldb.com/?id.136942
Comments are closed.
No comments yet. Please log in to comment.