Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
BID:39669
Info
Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
| Bugtraq ID: | 39669 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1504 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2010 12:00AM |
| Updated: | Apr 23 2010 12:00AM |
| Credit: | Robert Swiecki and Tavis Ormandy of Google Security Team. |
| Vulnerable: |
Google Chrome 4.1.249 1036 Google Chrome 4.1.249 .1045 Google Chrome 4.1.249 .1042 Google Chrome 4.0.249 .89 Google Chrome 4.0.249 .78 |
| Not Vulnerable: |
Google Chrome 4.1.249 1059 |
Discussion
Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
Google Chrome is prone to a cross-domain scripting vulnerability.
An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information, or to launch spoofing attacks against other sites.
Versions prior to Chrome 4.1.249.1059 are vulnerable.
NOTE: This issue was previously covered in BID 39603 (Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Google Chrome is prone to a cross-domain scripting vulnerability.
An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information, or to launch spoofing attacks against other sites.
Versions prior to Chrome 4.1.249.1059 are vulnerable.
NOTE: This issue was previously covered in BID 39603 (Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Solution / Fix
Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
Solution:
Vendor updates are available. Please see the references for details.
Solution:
Vendor updates are available. Please see the references for details.
References
Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
References:
References: