
Chrome, Firefox Vulnerable to Cookie Injection Attacks, CERT Warns

Browser cookies can be used to bypass HTTPS connections and facilitate man-in-the-middle attacks, according to a CERT advisory.

“Attackers who act as a man-in-the-middle even temporarily on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections,” the note says.

Modern browsers including Apple’s Safari, Mozilla’s Firefox and Google’s Chrome apparently have a faulty implementation that leaves them vulnerable to cookie injection attacks. Although cookies can contain a ‘secure flag’ that limits their use to HTTPS connections, outdated browsers don’t check the source of an HTTPS cookie.

This means man-in-the-middle attackers could set an HTTPS cookie masquerading as another site: “an attacker may set cookies for and override the real cookie for”

Fake cookies set in this way can facilitate the disclosure of any private data being transmitted in the session.

“We find that cookie-related vulnerabilities are present in important sites (such as Google and Bank of America), and can be made worse by the implementation weaknesses we discovered in major web browsers (such as Chrome, Firefox, and Safari),” CERT says.

Site owners are advised to enable HSTS (HTTP Strict Transport Security) with the includeSubDomains option. This partially mitigates the attacker’s ability to set top-level cookies that may override subdomain cookies.
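As an added example (not part of the CERT advisory or the original article), the following Python sketch audits Strict-Transport-Security header values for the includeSubDomains advice above. The hostnames and header values are constructed samples, and the 180-day minimum max-age is an assumed policy threshold.

```python
# Added example: audit Strict-Transport-Security headers (RFC 6797 syntax).
import re

def parse_hsts(value):
    """Parse an HSTS header value; return None if a browser would ignore it."""
    directives = {}
    for part in value.split(";"):        # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        val = val.strip().strip('"')     # values may be quoted-strings
        if name in directives:           # a repeated directive invalidates the header
            return None
        directives[name] = val
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                      # max-age is required and must be numeric
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def audit(host, header, min_age=15552000):   # 180 days, assumed threshold
    """Return a list of findings for one host's header (empty list = OK)."""
    if header is None:
        return [f"{host}: no Strict-Transport-Security header"]
    policy = parse_hsts(header)
    if policy is None:
        return [f"{host}: malformed header, browsers will ignore it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append(f"{host}: max-age=0 removes the HSTS policy")
    elif policy["max_age"] < min_age:
        findings.append(f"{host}: max-age below {min_age} seconds")
    if not policy["include_subdomains"]:
        findings.append(f"{host}: includeSubDomains missing, subdomains not covered")
    return findings

# Constructed sample responses (placeholder hostnames, not from the article).
SAMPLES = {
    "www.example.test": "max-age=31536000; includeSubDomains",
    "shop.example.test": "max-age=31536000",
    "api.example.test": 'MAX-AGE="600"; IncludeSubDomains',
    "old.example.test": "includeSubDomains",
    "cdn.example.test": None,
}

if __name__ == "__main__":
    for host, header in SAMPLES.items():
        for line in audit(host, header) or [f"{host}: OK"]:
            print(line)
```
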

The latest versions of the mentioned browsers are not affected, so it’s best to update your browser.

About the author

Alexandra GHEORGHE


1 Comment

  • Hi, a question. If the Chrome option “Block cookies from third-party” is activated, can this attack happen?