Ravens PHP Scripts

Google Chrome URI Handler Registration Vulnerability
Date: Monday, February 09, 2009 @ 18:21:28 CET
Topic: Security


VERIFY ADVISORY: http://secunia.com/advisories/33800/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Google Chrome 1.x - http://secunia.com/advisories/product/20760/

DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to the application registering itself as a handler for certain URIs in an improper way. This can be exploited to inject arbitrary command line arguments and potentially execute arbitrary commands by tricking the user into clicking a specially crafted link in a different browser. The vulnerability is reported in versions prior to This is related to: SA25984

SOLUTION: Update to version

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/release1015448

OTHER REFERENCES: SA25984: http://secunia.com/advisories/25984/

This article comes from Ravens PHP Scripts

The URL for this story is: