Google Chrome

News of 25 April 09 Author: Gianplugged

Edit (24 April): Removed "Such an attack only works if Chrome is not already running."

Google Chrome's Stable channel has been updated to fix a security issue:

CVE-2009-1340 ChromeHTML protocol handler same-origin bypass
An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.

If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice.

See for more details.

Affected versions: and earlier

Severity: High. This allows universal cross-site scripting (UXSS) without user interaction under certain conditions.

Credit: Roi Saltzman (Security Researcher at IBM Rational Application Security Research Group)



Category: P2P and Web

License: Open source

Size: 535 KB

OS: Windows
