Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Chrome多文件处理JavaScript警告失败漏洞
Vulnerability Description
Google Chrome是由Google(谷歌)公司开发的开源网页浏览器。 Google Chrome 3.0.195.32版本之前的版本的browser/download/download_exe.cc中存在不完整黑名单漏洞。当用户下载和打开SVG、MHT或XML文件时Chrome浏览器没有显示警告,这可能导致以本地环境执行任意JavaScript代码或泄漏本地文件。
CVSS Information
N/A
Vulnerability Type
N/A