Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Chrome信息泄露漏洞
Vulnerability Description
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。 Chrome的chromehtml:协议处理器没有正确地处理ChromeHTML URI,如果用户受骗在Internet Explorer点击了特制链接的话,就可能无需任何交互便在Chrome中启动任意URI,并通过命令行参数执行JAVASCRIPT代码。结合上述两个漏洞,远程攻击者可以枚举本地文件或文件夹,或在任意域的安全环境中执行任意HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A