Google Chrome Timeout XSS Vulnerability Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to XSS vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes and universal XSS attack in the context of the web browser.

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Error exist when javascript: URLs with unescaped spaces and quotes are processed and fails to cancel timeouts over a page transition thus enabling future code execution.

Affected

Google Chrome version 1.0.x

References

http://code.google.com/p/chromium/issues/detail?id=9860
http://secunia.com/advisories/34900

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1413

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tiles Multiple XSS Vulnerability
aeNovo Database Content Disclosure Vulnerability
Adobe JRun Management Console Multiple Vulnerabilities
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Take action and discover your vulnerabilities