Google Chrome URI Handler Registration Vulnerability

Posted on Monday, February 09, 2009 @ 18:21:28 CET in Security
by Raven

SECUNIA ADVISORY ID: SA33800

VERIFY ADVISORY: http://secunia.com/advisories/33800/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Google Chrome 1.x - http://secunia.com/advisories/product/20760/

DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to the application registering itself as a handler for certain URIs in an improper way. This can be exploited to inject arbitrary command line arguments and potentially execute arbitrary commands by tricking the user into clicking a specially crafted link in a different browser. The vulnerability is reported in versions prior to 1.0.154.48. This is related to: SA25984

SOLUTION: Update to version 1.0.154.48.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/release1015448

OTHER REFERENCES: SA25984: http://secunia.com/advisories/25984/
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 373,140,016
  • Today: 52,367
Server InfoServer Info
  • Dec 12, 2018
  • 11:23 am CET