Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc - Exploit, Vendor Advisory | |
References | () http://code.google.com/p/chromium/issues/detail?id=9860 - Exploit | |
References | () http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/50449 - |
Information
Published : 2009-04-24 15:30
Updated : 2024-11-21 01:02
NVD link : CVE-2009-1412
Mitre link : CVE-2009-1412
CVE.ORG link : CVE-2009-1412
JSON object : View
Products Affected
microsoft
- internet_explorer
- chrome
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor