Google Chrome Cross-Site Scripting Vulnerability - July09 Network Vulnerability

Summary

This host has Google Chrome installed and is prone to Cross-Site Scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to conduct Cross-Site Scripting attacks via vectors related to injecting a Refresh header or specifying the content of a Refresh header. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Error exists when application fails to block 'javascript:' URIs in Refresh headers in HTTP responses.

Affected

Google Chrome version 1.0.154.48 and prior.

References

http://websecurity.com.ua/
http://www.securityfocus.com/archive/1/504718/100/0/threaded
http://www.securityfocus.com/archive/1/504723/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2352

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Arris DOCSIS Password Disclosure
APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
Apple Safari Webkit Multiple Vulnerabilities - March 2011
Apple iTunes Multiple Vulnerabilities - Apr10

Take action and discover your vulnerabilities