| Title | Google Chrome における IsWebSafeScheme 制限を満たしていない URL をタブで開かれる脆弱性 |
|---|---|
| Summary | Google Chrome の chromehtml: protocol handler には、Internet Explorer により起動した際、ファイルの存在を究明され、IsWebSafeScheme 制限を満たしていない URL をタブで開かれる脆弱性が存在します。 |
| Possible impacts | 第三者により、chromehtml: value に document.location を設定する Web ページを介して、IsWebSafeScheme 制限を満たしていない URL をタブで開かれる可能性があります。 |
| Solution | ベンダ情報及び参考情報を参照して適切な対策を実施してください。 |
| Publication Date | April 24, 2009, midnight |
| Registration Date | Oct. 19, 2010, 2:54 p.m. |
| Last Update | Oct. 19, 2010, 2:54 p.m. |
| CVSS2.0 : 危険 | |
| Score | 7.8 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| Google Chrome 1.0.154.59 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2010年10月19日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions. |
|---|---|
| Publication Date | April 25, 2009, 12:30 a.m. |
| Registration Date | Jan. 29, 2021, 1:17 p.m. |
| Last Update | July 24, 2021, 12:04 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 1.0.154.53 | ||||
| cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:* | ||||