CVE-2018-18358

Name
CVE-2018-18358
Description
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Permissions Required https://crbug.com/899126
Release Notes https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Third Party Advisory https://www.debian.org/security/2018/dsa-4352
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3803
Third Party Advisory http://www.securityfocus.com/bid/106084
GENTOO https://security.gentoo.org/glsa/201908-18

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* chrome >= None < 71.0.3578.80

Vulnerable and fixed packages

Source package Branch Version Maintainer Status