Detections
Analytics
Google Chrome < 1.0.154.59 Same Origin Policy Bypass Vulnerability
medium Nessus Network Monitor Plugin ID 5004
Synopsis
The remote host contains a web browser that is affected by a same origin bypass vulnerability.Description
The version of Google Chrome installed on the remote host is earlier than 1.0.154.59. Such versions are reportedly affected by a same origin policy bypass vulnerability when handling URLS with a 'chromehtml: ' protocol which could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk.If a user has Google Chrome installed, visiting an attacker-controlled web page in another browser could cause Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice (Issue number 9860).
Solution
Upgrade to Google Chrome 1.0.154.59.See Also
http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html
Plugin Details
Severity: Medium
ID: 5004
Family: Web Clients
Published: 8/18/2004
Updated: 3/6/2019
Nessus ID: 38154
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS v3
Risk Factor: Medium
Base Score: 4.8
Temporal Score: 4.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:google:chrome
Reference Information
CVE: CVE-2009-1412
BID: 34704