CVE-2018-18353Google Chrome vulnerability

7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
1.2%
top 20.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Linux+3 more
Timeline
PublishedDec 11
Latest updateMay 13

Description

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5google/chromeunspecified71.0.3578.80
NVDgoogle/chrome< 71.0.3578.80
Debianchromium/chromium< 71.0.3578.80-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-rxwh-wq59-wv5r: Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 712022-05-13
CVEList
CVE-2018-18353: Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 712018-12-11
OSV
CVE-2018-18353: Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 712018-12-11

📋Vendor Advisories

2
Red Hat
chromium-browser: Inappropriate implementation in Network Authentication2018-12-04
Debian
CVE-2018-18353: chromium - Failure to dismiss http auth dialogs on navigation in Network Authentication in ...2018

💬Community

1
Bugzilla
CVE-2018-18353 chromium-browser: Inappropriate implementation in Network Authentication2018-12-05
CVE-2018-18353 — Google Chrome vulnerability | cvebase