Summary
The host is installed with Google Chrome and is prone to multiple XSS vulnerabilities.
Impact
Successful exploitation will let the attacker execute arbitrary codes and XSS attack in the context of the web browser.
Solution
Upgrade to Google Chrome version 1.0.154.59.
http://www.google.com/chrome
Insight
- Error in chromeHTML URL protocol handler, that do not satisfy the IsWebSafeScheme restriction via a web page that sets document.location and also that are not constructed with sufficient escaping hence when invoked by Internet Explorer might open multiple tabs for unconstrained protocols such as javascript: or file:.
- It may allow malicious URLs to bypass the same-origin policy and obtain sensitive information including authentication credentials.
Affected
Google Chrome versions prior to 1.0.154.59.
References
Severity
Classification
-
CVE CVE-2009-1340, CVE-2009-1412 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability
- Arkeia Appliance Path Traversal Vulnerability
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities