[PCWorks] Google Chrome "ChromeHTML" URI Handler Vulnerability

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Sat, 25 Apr 2009 01:28:23 -0500

TITLE:
Google Chrome "ChromeHTML" URI Handler Vulnerability

SECUNIA ADVISORY ID:
SA34900

VERIFY ADVISORY:
http://secunia.com/advisories/34900/

DESCRIPTION:
A vulnerability has been reported in Google Chrome, which can be
exploited by malicious people to disclose certain system 
information
and conduct cross-site scripting attacks.

The vulnerability is caused due to the improper handling of
"ChromeHTML" URIs, which can be exploited to enumerate local 
files
and folders or execute arbitrary HTML and script code in a user's
browser session in context of arbitrary websites by tricking the 
user
into clicking a specially crafted link in Internet Explorer.

Successful exploitation requires that Google Chrome is not 
running
and that a victim follows a malicious link in Internet Explorer.

The vulnerability is reported in version 1.0.154.55 and prior.

SOLUTION:
Update to version 1.0.154.59.

ORIGINAL ADVISORY:
http://code.google.com/p/chromium/issues/detail?id=9860

http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

  • » [PCWorks] Google Chrome "ChromeHTML" URI Handler Vulnerability - Clint Hamilton-PCWorks Admin
  1. Home
  2. pcworks
  3. Archive
  4. 04-2009