Vulnerability Name:

CVE-2009-1412 (CCN-50449)

Assigned:2009-04-23
Published:2009-04-23
Updated:2021-07-23
Summary:Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL.
Note: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Gain Access
References:Source: MISC
Type: Exploit, Vendor Advisory
http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc

Source: CCN
Type: Google Code Web site
chromium Issue 9860: ChromeHTML URI handler vulnerability

Source: CONFIRM
Type: Exploit
http://code.google.com/p/chromium/issues/detail?id=9860

Source: MITRE
Type: CNA
CVE-2009-1412

Source: CONFIRM
Type: UNKNOWN
http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: OSVDB ID: 53989
Google Chrome ChromeHTML URI Handling Privilege Escalation

Source: XF
Type: UNKNOWN
googlechrome-chromehtml-command-execution(50449)

Source: XF
Type: UNKNOWN
googlechrome-chromehtml-command-execution(50449)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version <= 1.0.154.53)
  • OR cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google chrome *
    google chrome 0.2.149.29
    google chrome 0.4.154.22
    google chrome 0.4.154.31
    google chrome 0.2.149.30
    google chrome 0.2.152.1
    google chrome 0.4.154.33
    google chrome 1.0.154.36
    google chrome 0.2.153.1
    google chrome 0.3.154.0
    google chrome 1.0.154.39
    google chrome 0.3.154.3
    google chrome 1.0.154.43
    google chrome 1.0.154.42
    google chrome 0.4.154.18
    google chrome 1.0.154.46
    microsoft internet explorer 7
    google chrome 0.2.149.29
    google chrome 0.2.149.30
    google chrome 1.0.154.36
    google chrome 1.0.154.43
    google chrome 1.0.154.42
    google chrome 1.0.154.39
    google chrome 0.4.154.33
    google chrome 0.4.154.31
    google chrome 0.4.154.22
    google chrome 0.4.154.18
    google chrome 0.3.154.3
    google chrome 0.3.154.0
    google chrome 0.2.153.1
    google chrome 0.2.152.1
    google chrome 1.0.154.53
    google chrome 1.0.154.46