Ravens PHP Scripts

Google Chrome URI Handler Registration Vulnerability
Date: Monday, February 09, 2009 @ 17:21:28 PST
Topic: Security


SECUNIA ADVISORY ID: SA33800

VERIFY ADVISORY: http://secunia.com/advisories/33800/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Google Chrome 1.x - http://secunia.com/advisories/product/20760/

DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system.



The vulnerability is caused due to the application registering itself as a handler for certain URIs in an improper way. This can be exploited to inject arbitrary command line arguments and potentially execute arbitrary commands by tricking the user into clicking a specially crafted link in a different browser. The vulnerability is reported in versions prior to 1.0.154.48. This is related to: SA25984

SOLUTION: Update to version 1.0.154.48.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/release1015448

OTHER REFERENCES: SA25984: http://secunia.com/advisories/25984/






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3545