SecuritySpace - CVE-2009-1412

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2009-1412

Description: Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-1412
http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc
XForce ISS Database: googlechrome-chromehtml-command-execution(50449)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50449

CVE ID:	CVE-2009-1412
Description:	Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1412 http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc XForce ISS Database: googlechrome-chromehtml-command-execution(50449) https://exchange.xforce.ibmcloud.com/vulnerabilities/50449