CVE-2008-5749 - Code Injection vulnerability in Google Chrome 1.0.154.36

Publication

2008-12-29

Last modification

2018-10-11

Summary

** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."

Description

Google Chrome is prone to a vulnerability that lets attackers inject command-line parameters through protocol handlers. This issue occurs because the application fails to adequately sanitize user-supplied input. Exploiting this issue would permit remote attackers to influence the command options passed through the vulnerable protocol handler and to execute commands and arbitrary code with the privileges of the user running the application. Google Chrome 1.0.154.36 is vulnerable; other versions may also be affected. Update (January 30, 2009): This issue occurs when the argument '--no-sandbox' is included in the URI passed to Google Chrome.
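A defender-side check for the pattern this advisory describes, written as an added example (not code from the advisory or from the Chrome project): it percent-decodes a chromehtml: URI the way the handler's command line would receive it, pulls out any embedded `--switch` tokens, and rates the URI against the two switches the advisory names. The sample URIs and the watch-list are constructed for this example.

```python
import re
from urllib.parse import unquote

# The two switches the advisory names as the injected arguments.
# Constructed watch-list for this example, not a list from the advisory.
HIGH_RISK_SWITCHES = {"--renderer-path", "--no-sandbox"}

# Constructed sample URIs, as they might appear in a proxy or mail-gateway log.
SAMPLE_URIS = [
    "chromehtml:http://example.test/page.html",
    "chromehtml:http://example.test/%20--no-sandbox%20--renderer-path=x.exe",
    'chromehtml:"x"%20--no-sandbox',
    "chromehtml:http://example.test/%20--foo-bar",
    "http://example.test/--double-dash-in-path",
]


def extract_switches(uri: str) -> list[str]:
    """Return command-line style switches carried inside a chromehtml: URI.

    The body is percent-decoded and then split on whitespace and quotes,
    because the protocol handler receives the decoded text as arguments and
    a quote character is what separates one argument from the next.
    """
    scheme, sep, body = uri.partition(":")
    if not sep or scheme.lower() != "chromehtml":
        return []  # only the affected handler is inspected
    tokens = re.split(r'[\s"\']+', unquote(body))
    switches = []
    for tok in tokens:
        m = re.match(r"--[a-z][\w-]*", tok, re.IGNORECASE)
        if m:
            switches.append(m.group(0).lower())  # drop any =value part
    return switches


def assess(uri: str) -> str:
    """'clean' (no switch), 'suspicious' (any switch) or 'high' (watch-list hit)."""
    switches = extract_switches(uri)
    if not switches:
        return "clean"
    if any(s in HIGH_RISK_SWITCHES for s in switches):
        return "high"
    return "suspicious"


def scan(uris: list[str]) -> dict[str, str]:
    """Map each URI to its verdict; a URL argument should never carry switches."""
    return {u: assess(u) for u in uris}


if __name__ == "__main__":
    for uri, verdict in scan(SAMPLE_URIS).items():
        print(f"{verdict:10} {uri}")
```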

Solution

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Exploit

The following examples are available:

  • /data/vulnerabilities/exploits/chromeHTML_exploit.html
  • /data/vulnerabilities/exploits/32997-2.html

Classification

CWE-94 - Code Injection

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:P)

Medium

6.8

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Partial

Integrity Impact

  • Partial

Availability Impact

  • Partial

Affected Products

Vendor   Product   Versions
Google   Chrome    1.0.154.36