Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker read the full URL and potentially other attributes or data from another frame in a different domain and can conduct cross site scripting attacks to gain users sensitive information and can also able to hijack legitimate user session and could gain sensitive information for the victim accounts.
Solution
Upgrade Google Chrome to version 1.0.154.46 or later.
http://www.google.com/chrome
Insight
Multiple Flaws are due to,
- an error exists in the V8 JavaScript engine while re-directing to another windows through iframe tag as it allows to bypass the same origin policy through a crafted iframe crafted script.
- a flaw in the 'XMLHttpRequest' header which contains the cookie information of the logged user.
Affected
Google Chrome version prior to 1.0.154.46
References
Severity
Classification
-
CVE CVE-2009-0276, CVE-2009-0411 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Allaire JRun directory browsing vulnerability
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability