Test ID:	1.3.6.1.4.1.25623.1.0.800561
Category:	Web application abuses
Title:	Google Chrome Multiple XSS Vulnerabilities (May 2009)
Summary:	Google Chrome is prone to multiple XSS vulnerabilities.
Description:	Summary: Google Chrome is prone to multiple XSS vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Error in chromeHTML URL protocol handler, that do not satisfy the IsWebSafeScheme restriction via a web page that sets document.location and also that are not constructed with sufficient escaping hence when invoked by Internet Explorer might open multiple tabs for unconstrained protocols such as javascript: or file:. - It may allow malicious URLs to bypass the same-origin policy and obtain sensitive information including authentication credentials. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes and XSS attack in the context of the web browser. Affected Software/OS: Google Chrome versions prior to 1.0.154.59. Solution: Upgrade to Google Chrome version 1.0.154.59. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1412 http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc XForce ISS Database: googlechrome-chromehtml-command-execution(50449) https://exchange.xforce.ibmcloud.com/vulnerabilities/50449 Common Vulnerability Exposure (CVE) ID: CVE-2009-1340
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.