EUVD-2009-2959

Malware in sbrugna...

CVE-2009-2974

Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to 1 cause a denial of service application hang via vectors involving a chromehtml: URI value for the document.location property or 2 cause a denial of service application hang and CPU consumption via vectors involving a...

Google Chrome 'chromehtml: URI' Denial Of Service Vulnerability

This host is installed with Google Chrome and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromechromehtmldosvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome 'chromehtml: URI Denial Of Service Vulnerability Authors: Sharath S Copyright:...

Design/Logic Flaw

Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cau...

CVE-2009-2974

Removed by vendor...

Google Chrome DoS

Hang on chromehtml: URL handling...

Google Chrome chromehtml:协议处理器绕过同源策略限制漏洞

BUGTRAQ ID: 34704 CVECAN ID: CVE-2009-1340,CVE-2009-1414,CVE-2009-1413,CVE-2009-1412 Google Chrome是Google发布的开源WEB浏览器。 Chrome的chromehtml:协议处理器没有正确地处理ChromeHTML URI，如果用户受骗在Internet Explorer点击了特制链接的话，就可能无需任何交互便在Chrome中启动任意URI，并通过命令行参数执行JAVASCRIPT代码。结合上述两个漏洞，远程攻击者可以枚举本地文件或文件夹，或在任意域的安全环境中执行任意HTML和脚本代码...

CVE-2009-1412

Google Chrome before 1.0.154.59 is affected by CVE-2009-1412 via the chromehtml: protocol handler. A web page could set document.location to a chromehtml: value and, when launched from Internet Explorer, allow enumeration of local files and opening tabs for non‑IsWebSafe URLs, enabling potential ...

Google Chrome < 1.0.154.59 ChromeHTML URI Handling Privilege Escalation

The version of Google Chrome installed on the remote host is earlier than 1.0.154.59. Such versions are reportedly affected by an issue when handling URLs with a 'chromehtml:' protocol that could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk. If...

Stable Update: Security Fix

Edit 24 April: Removed "Such an attack only works if Chrome is not already running." Google Chrome's Stable channel has been updated to 1.0.154.59 to fix a security issue: CVE-2009-1412 ChromeHTML protocol handler same-origin bypass An error in handling URLs with a chromehtml: protocol could allo...

Google Chrome code execution

chromehtml: URI parameter injection...

Design/Logic Flaw

Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch...

CVE-2008-5750

CVE-2008-5750 concerns an argument-injection vulnerability in Microsoft Internet Explorer 8 beta 2 running on Windows XP SP3. The issue allows a remote attacker to execute arbitrary commands via the --renderer-path option in a chromehtml: URI, effectively enabling arbitrary code execution under t...

CVE-2008-5749

CVE-2008-5749 affects Google Chrome 1.0.154.36 on Windows XP SP3 and is an argument-injection vulnerability in the chromehtml URI via the --renderer-path option, enabling remote command execution. OpenVAS entries corroborate a Google Chrome argument-injection vulnerability; the core issue is the ...

Internet Explorer 'chromeHTML://'命令行参数注入漏洞

BUGTRAQ ID: 32999 Internet Explorer是一款流行的WEB浏览器。 Internet Explorer不正确处理用户输入，远程攻击者可以利用漏洞通过协议处理器注入命令行参数，造成以登录用户上下文执行任意代码。 问题是处理'chromeHTML://'协议存在问题，构建恶意WEB页，诱使用户访问可触发此漏洞。 Microsoft Internet Explorer 8 beta 2 目前没有解决方案提供： http://www.microsoft.com/ie/ !-- Google Chrome Browser ChromeHTML:// remote...

Google Chrome - ChromeHTML: Remote Parameter Injection

Google Chrome - ChromeHTML: Remote Parameter Injection click me milw0rm.com 2008-12-23...