Описание
Skype Extension for Chrome Information Disclosure Vulnerability
FAQ
How can I get the update for Skype Extension for Chrome?
The Skype Extension for Chrome is available in the Chrome Web Store.
- Open the Chrome Web Store and type "Skype" into the search box.
- Scroll down to Extensions. The Skype Extension will be the first on the list
- Click on the Add to Chrome button.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the target's Skype ID. If an attacker gains access to that ID they could potentially match it within Skype to a name and Avatar for the user.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A targeted user would need to visit a malicious user's website using Chrome with this Extension while the user is logged into a Microsoft account.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Skype Extension for Chrome |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Skype Extension for Chrome Information Disclosure Vulnerability
Skype Extension for Chrome Information Disclosure Vulnerability.
Уязвимость расширения для мгновенного обмена сообщениями Skype Extension for Chrome, связанная с недостатками разграничений контролируемой области системы, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3