Signature Detail
Short Name |
HTTP:STC:CHROME:GURL-XO-BYPASS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Google Chrome GURL Cross Origin Bypass |
Release Date |
2010/09/27 |
Update Number |
1779 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Google Chrome GURL Cross Origin Bypass
This signature detects attemps to exploit a known Cross Origin Bypass vulnerability in Google Chrome Web browser. The vulnerability is due to insufficient validation of URLs in the Google URL (GURL) component, which can lead to violation of the same origin policy. Remote attackers can exploit this by enticing target users to visit a malicious Web site. A successful exploitation can result in information disclosure and execution of active content outside the prescribed context.
Extended Description
Google Chrome is prone to a cross-domain security-bypass vulnerability. An attacker can exploit this vulnerability to bypass the same-origin policy. Other attacks are also possible. Versions prior to Chrome 4.1.249.1064 are vulnerable. NOTE: This issue was previously covered in BID 39603 (Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Affected Products
- Google Chrome 4.0.249.78
- Google Chrome 4.0.249.89
- Google Chrome 4.1.249.1036
- Google Chrome 4.1.249.1042
- Google Chrome 4.1.249.1045
- Google Chrome 4.1.249.1059
References