CVE-2009-1412
Google Chrome < 1.0.154.59 - Information Exposure via chromehtml: Protocol Handler
Title source: llmDescription
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
References (4)
Core 4
Core References
Exploit, Vendor Advisory x_refsource_misc
http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50449
Exploit x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=9860
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html
Scores
EPSS
0.0121
EPSS Percentile
64.7%
Details
CWE
CWE-200
Status
published
Products (16)
google/chrome
0.2.149.29
google/chrome
0.2.149.30
google/chrome
0.2.152.1
google/chrome
0.2.153.1
google/chrome
0.3.154.0
google/chrome
0.3.154.3
google/chrome
0.4.154.18
google/chrome
0.4.154.22
google/chrome
0.4.154.31
google/chrome
0.4.154.33
... and 6 more
Published
Apr 24, 2009
Tracked Since
Feb 18, 2026