﻿{"id":358,"date":"2018-08-16T20:44:47","date_gmt":"2018-08-17T01:44:47","guid":{"rendered":"https:\/\/www.uv.mx\/csirt\/?p=358"},"modified":"2018-08-17T11:46:34","modified_gmt":"2018-08-17T16:46:34","slug":"fallo-en-google-chrome-permite-obtener-informacion-privada","status":"publish","type":"post","link":"https:\/\/www.uv.mx\/csirt\/boletines\/fallo-en-google-chrome-permite-obtener-informacion-privada\/","title":{"rendered":"Fallo en Google Chrome permite obtener informaci\u00f3n privada"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-359\" src=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/fallo-chrome-300x103.jpg\" alt=\"\" width=\"600\" height=\"206\" srcset=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/fallo-chrome-300x103.jpg 300w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/fallo-chrome-768x264.jpg 768w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/fallo-chrome.jpg 930w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>16\/08\/2018<\/p>\n<p><strong>Bolet\u00edn de seguridad inform\u00e1tica<\/strong><\/p>\n<p><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-296\" src=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/06\/informativo.jpg\" alt=\"\" width=\"121\" height=\"27\" \/>\u00a0<\/strong><\/p>\n<p><strong>Descripci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>El investigador de <strong>Imperva<\/strong> Ron Masas inform\u00f3 de una bug a Google\u00a0en el navegador Chrome, el fallo se presenta en el motor de renderizado <em>Blink <\/em>que es empleado en Chrome y Chromium aprovechando una vulnerabilidad identificada como CVE-2018-6177\u00a0en las etiquetas HTML de audio y v\u00eddeo,\u00a0 en principio\u00a0un atacante puede mediante un script enviar peticiones a una p\u00e1gina de Facebook permitiendo obtener detalles como el sexo, historial de ubicaciones y\u00a0los \u00abme gusta\u00bb, la informaci\u00f3n obtenida\u00a0 es bastante precisa independiente de la configuraci\u00f3n que se haya\u00a0establecido en las opciones de privacidad.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Recursos:<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<ul>\n<li>Google Chrome<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Soluci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Google lanz\u00f3 una\u00a0correcci\u00f3n\u00a0para esta vulnerabilidad en la version 68,\u00a0\u00a0se recomienda actualizar el navegador a la ultima version 68.0.3440.106.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Para mas informaci\u00f3n<\/p>\n<p><a href=\"https:\/\/threatpost.com\/google-chrome-bug-opens-access-to-private-facebook-information\/136573\/\">https:\/\/threatpost.com\/google-chrome-bug-opens-access-to-private-facebook-information\/136573\/<\/a><\/p>\n<table width=\"90%\">\n<tbody>\n<tr>\n<td width=\"250\"><\/td>\n<td>\n<p><a href=\"https:\/\/threatpost.com\/google-chrome-bug-opens-access-to-private-facebook-information\/136573\/\">Google Chrome Bug Opens Access to Private Facebook Information<\/a><\/p>\n<p>threatpost.com<\/p>\n<p>The method could be used to deduce the age, sex, likes or the location history of a user \u2013 essentially, the attacker can play \u201c20 questions\u201d to profile the victim.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>Ante cualquier duda o aclaraci\u00f3n comun\u00edcate con el CSIRTUV a las extensiones 11505 y 11532\u00a0o al correo contactocsirt@uv.mx<\/p>\n","protected":false},"excerpt":{"rendered":"<p>16\/08\/2018 Bolet\u00edn de seguridad inform\u00e1tica \u00a0 Descripci\u00f3n: &nbsp; El investigador de Imperva Ron Masas inform\u00f3 de una bug a Google\u00a0en el navegador Chrome, el fallo se presenta en el motor de renderizado Blink que es empleado en Chrome y Chromium aprovechando una vulnerabilidad identificada como CVE-2018-6177\u00a0en las etiquetas HTML de audio y v\u00eddeo,\u00a0 en principio\u00a0un [&hellip;]<\/p>\n","protected":false},"author":2037,"featured_media":359,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ventana_nueva":"","tipo_url":"","url":"","extracto":"","imagen_halign":"","imagen_valign":"","bg_size":"","text_hide":"","media_url":"","tipo_media":"","video_url":"","video_pos":"","video_youtube":"","footnotes":""},"categories":[2],"tags":[],"class_list":["post-358","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-boletines"],"_links":{"self":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/users\/2037"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/comments?post=358"}],"version-history":[{"count":0,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/358\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media\/359"}],"wp:attachment":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media?parent=358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/categories?post=358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/tags?post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}