Gladiator Security Forum > Google Chrome "ChromeHTML" URI Handler Vulnerability

Full Version: Google Chrome "ChromeHTML" URI Handler Vulnerability

Gladiator Security Forum > Forum Rules > Security Bulletins

jasper the rasper

Apr 24 2009, 08:55 PM

QUOTE

TITLE:
Google Chrome "ChromeHTML" URI Handler Vulnerability

SECUNIA ADVISORY ID:
SA34900

VERIFY ADVISORY:
http://secunia.com/advisories/34900/

DESCRIPTION:
A vulnerability has been reported in Google Chrome, which can be
exploited by malicious people to disclose certain system information
and conduct cross-site scripting attacks.

The vulnerability is caused due to the improper handling of
"ChromeHTML" URIs, which can be exploited to enumerate local files
and folders or execute arbitrary HTML and script code in a user's
browser session in context of arbitrary websites by tricking the user
into clicking a specially crafted link in Internet Explorer.

Successful exploitation requires that Google Chrome is not running
and that a victim follows a malicious link in Internet Explorer.

The vulnerability is reported in version 1.0.154.55 and prior.

SOLUTION:
Update to version 1.0.154.59.

PROVIDED AND/OR DISCOVERED BY:
Roi Saltzman, IBM Rational Application Security Research Group

ORIGINAL ADVISORY:
http://code.google.com/p/chromium/issues/detail?id=9860

http://googlechromereleases.blogspot.com/2...curity-fix.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.