Web application abuses : Google Chrome RSS Or Atom Feed Cross-Site Scripting Vulnerability

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900861

Category: Web application abuses

Title: Google Chrome RSS Or Atom Feed Cross-Site Scripting Vulnerability

Summary: Check for the version of Google Chrome

Description:
Overview: This host is installed with Google Chrome and is prone to Cross-Site
Scripting vulnerability.

Vulnerability Insight:
An XSS vulnerability exists when the application fails to handle 'RSS' and 'Atom'
feed, related to the rendering of the application/rss+xml content type as
'scripted content.'.

Impact:
Successful exploitation will allow remote attackers to inject arbitrary web
script or HTML on the victim's system.

Impact Level: Application

Affected Software/OS:
Google Chrome version 2.x and 3.x before 3.0.195.21 on Windows.

Fix: Upgrade to Google Chrom version 3.0.195.21 or later
http://www.google.com/chrome

References:
http://secunia.com/advisories/36770
http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded
http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html
http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/

Cross-Ref: BugTraq ID: 36416
Common Vulnerability Exposure (CVE) ID: CVE-2009-3263
Bugtraq: 20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more (Google Search)
http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded
http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
http://www.securityfocus.com/bid/36416
http://secunia.com/advisories/36770

Copyright Copyright (C) 2009 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.900861
Category:	Web application abuses
Title:	Google Chrome RSS Or Atom Feed Cross-Site Scripting Vulnerability
Summary:	Check for the version of Google Chrome
Description:	Overview: This host is installed with Google Chrome and is prone to Cross-Site Scripting vulnerability. Vulnerability Insight: An XSS vulnerability exists when the application fails to handle 'RSS' and 'Atom' feed, related to the rendering of the application/rss+xml content type as 'scripted content.'. Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML on the victim's system. Impact Level: Application Affected Software/OS: Google Chrome version 2.x and 3.x before 3.0.195.21 on Windows. Fix: Upgrade to Google Chrom version 3.0.195.21 or later http://www.google.com/chrome References: http://secunia.com/advisories/36770 http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
Cross-Ref:	BugTraq ID: 36416 Common Vulnerability Exposure (CVE) ID: CVE-2009-3263 Bugtraq: 20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more (Google Search) http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/ http://www.securityfocus.com/bid/36416 http://secunia.com/advisories/36770
Copyright	Copyright (C) 2009 SecPod