Web application abuses : Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900860

Category: Web application abuses

Title: Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability

Summary: Google Chrome is prone to a cross-site scripting (XSS) vulnerability.

Description: Summary:
Google Chrome is prone to a cross-site scripting (XSS) vulnerability.

Vulnerability Insight:
Error exists when 'getSVGDocument' method omits an unspecified access check
which can be exploited by remote web servers to bypass the Same Origin
Policy and conduct XSS attacks via unknown vectors.

Vulnerability Impact:
Successful exploitation will allow remote attackers to conduct XSS attacks
on the victim's system via SVG document.

Affected Software/OS:
Google Chrome version prior to 3.0.195.21 on Windows.

Solution:
Upgrade to Google Chrom version 3.0.195.21 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3264
BugTraq ID: 36416
http://www.securityfocus.com/bid/36416
http://osvdb.org/58193
http://secunia.com/advisories/36770

Copyright Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.900860
Category:	Web application abuses
Title:	Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability
Summary:	Google Chrome is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: Google Chrome is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Error exists when 'getSVGDocument' method omits an unspecified access check which can be exploited by remote web servers to bypass the Same Origin Policy and conduct XSS attacks via unknown vectors. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct XSS attacks on the victim's system via SVG document. Affected Software/OS: Google Chrome version prior to 3.0.195.21 on Windows. Solution: Upgrade to Google Chrom version 3.0.195.21 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3264 BugTraq ID: 36416 http://www.securityfocus.com/bid/36416 http://osvdb.org/58193 http://secunia.com/advisories/36770
Copyright	Copyright (C) 2009 Greenbone AG