CVE-2009-1412

NONECVSS 0.0

0.0

Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.

🔗 References (8)

cve@mitrehttp://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc
cve@mitrehttp://code.google.com/p/chromium/issues/detail?id=9860
cve@mitrehttp://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/50449
af854a3a-2127-422b-91ae-364da2661108http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/chromium/issues/detail?id=9860
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50449

Is Your Infrastructure Affected by CVE-2009-1412?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-1412

📅 Published

🔄 Last Modified

🔗 References (8)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-1412?