Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Home和Chromecast 安全漏洞
Vulnerability Description
Google Home和Chromecast都是美国谷歌(Google)公司的产品。Google Home是一款智能音箱设备。Chromecast是一款网络电视机顶盒设备。 Google Home和Chromecast中的API服务存在安全漏洞。远程攻击者可利用该漏洞确定大部分Web浏览器的物理位置。
CVSS Information
N/A
Vulnerability Type
N/A