CVE-2009-1412

Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

History

21 Nov 2024, 01:02

Type Values Removed Values Added
References () http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc - Exploit, Vendor Advisory () http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc - Exploit, Vendor Advisory
References () http://code.google.com/p/chromium/issues/detail?id=9860 - Exploit () http://code.google.com/p/chromium/issues/detail?id=9860 - Exploit
References () http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html - () http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/50449 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/50449 -

Information

Published : 2009-04-24 15:30

Updated : 2024-11-21 01:02


NVD link : CVE-2009-1412

Mitre link : CVE-2009-1412

CVE.ORG link : CVE-2009-1412


JSON object : View

Products Affected

microsoft

  • internet_explorer

google

  • chrome
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor