Vulnerability Name: CVE-2009-1340 (CCN-50080)
Assigned: 2009-04-23
Published: 2009-04-23
Updated: 2009-04-23
Summary: Google Chrome, when not actively running, could allow a remote attacker to bypass cross-domain security restrictions, caused by the improper handling of ChromeHTML URIs. By persuading a victim to click a link in Internet Explorer, a remote attacker could exploit this vulnerability to bypass same origin policy restrictions to run script code in another user's browser session or enumerate files on the local disk. An attacker could exploit this vulnerability to possibly perform cross-site scripting attacks and launch further attacks on the vulnerable system.
CVSS v3 Severity: 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Consequences: Bypass Security
References:
Source: CCN Type: Google Code Web site chromium Issue 9860: ChromeHTML URI handler vulnerability
Source: MITRE Type: CNA CVE-2009-1340
Source: CCN Type: Google Chrome Releases Blog, Thursday, April 23, 2009 | 11:59 CVE-2009-1340 ChromeHTML protocol handler same-origin bypass
Source: CCN Type: SA34900 Google Chrome "ChromeHTML" URI Handler Vulnerability
Source: CCN Type: Google Chrome Web site Google Chrome
Source: CCN Type: BID-34704 Google Chrome 'chromehtml:' Protocol Handler Same Origin Policy Bypass Vulnerability
Source: XF Type: UNKNOWN googlechrome-chromehtml-security-bypass(50080)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable