CVE-2009-1412

Google Chrome < 1.0.154.59 - Information Exposure via chromehtml: Protocol Handler

Title source: llm
STIX 2.1

Description

Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50449

Scores

EPSS 0.0121
EPSS Percentile 64.7%

Details

CWE
CWE-200
Status published
Products (16)
google/chrome 0.2.149.29
google/chrome 0.2.149.30
google/chrome 0.2.152.1
google/chrome 0.2.153.1
google/chrome 0.3.154.0
google/chrome 0.3.154.3
google/chrome 0.4.154.18
google/chrome 0.4.154.22
google/chrome 0.4.154.31
google/chrome 0.4.154.33
... and 6 more
Published Apr 24, 2009
Tracked Since Feb 18, 2026