
MA-158.042009: MyCERT Alert - Google Chrome ChromeHTML Protocol Handler Same-Origin Bypass

1.0 Introduction

A critical vulnerability has been identified in Google Chrome 1.0.154.55 and earlier versions. A vulnerability that allows remote attackers to perform remote code execution through the ChromeHTML URI handler has been found and fixed in the past. However, it is still possible to make Google Chrome load arbitrary and potentially malicious URIs using the ChromeHTML URI handler.

By combining three separate issues that reside in various parts of Google Chrome, an attacker can craft an attack against a user who browses a malicious site using Internet Explorer and has Google Chrome installed.

2.0 Impact

By exploiting this vulnerability, an attacker could perform a Cross-Site Scripting (XSS) attack on an arbitrary site. An XSS attack enables numerous other attacks: an attacker could steal a victim's cookies, steal saved form filler data, modify the user's browsing experience and facilitate phishing attacks.

Another impact of the vulnerabilities described in this document is information disclosure. An attacker can enumerate the victim's directories and files on the local file system, resulting in information leakage that could be leveraged in other attacks targeting the victim.

3.0 Affected Products

  • Google Chrome 1.154.55 and earlier versions

4.0 Recommendation

Users are advised to upgrade to Google Chrome 1.154.59. The latest version of Google Chrome can be downloaded from this URL: http://www.google.com/chrome


Copyright © 2009 - CyberSecurity Malaysia