|Category:||Web application abuses|
|Title:||Google Chrome Multiple XSS Vulnerabilities (May 09)|
|Summary:||Check for the version of Google Chrome|
Overview: The host is installed with Google Chrome and is prone to
multiple XSS vulnerabilities.
- Error in the chromeHTML URL protocol handler, which does not satisfy the
IsWebSafeScheme restriction via a web page that sets document.location
and also that are not constructed with sufficient escaping hence when
invoked by Internet Explorer might open multiple tabs for unconstrained
- It may allow malicious URLs to bypass the same-origin policy and
obtain sensitive information including authentication credentials.
Successful exploitation will let the attacker execute arbitrary code and
conduct XSS attacks in the context of the web browser.
Google Chrome versions prior to 18.104.22.168.
Fix: Upgrade to Google Chrome version 22.214.171.124.
BugTraq ID: 34704
Common Vulnerability Exposure (CVE) ID: CVE-2009-1412
XForce ISS Database: googlechrome-chromehtml-command-execution(50449)
Common Vulnerability Exposure (CVE) ID: CVE-2009-1340
|Copyright||Copyright (C) 2009 Greenbone Networks GmbH|