** DISPUTED ** Argument injection vulnerability in Google Chrome 126.96.36.199 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."
Google Chrome is prone to a vulnerability that lets attackers inject command-line parameters through protocol handlers. This issue occurs because the application fails to adequately sanitize user-supplied input. Exploiting this issue would permit remote attackers to influence command options that can be called through the vulnerable protocol handler and to execute commands and arbitrary code with the privileges of a user running the application. Google Chrome 188.8.131.52 is vulnerable; other versions may also be affected. Update (January 30, 2009): This issue occurs when the argument '--no-sandbox' is included in the URI passed to Google Chrome.
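One way a protocol-handler launcher could apply the input sanitization the discussion above says is missing, shown as an added example that is not Chrome's code or a vendor fix. It assumes a hypothetical launcher (`browser.exe` in the test) that treats `--` as an end-of-switches marker; the function names and sample URIs are constructed for illustration.

```python
from urllib.parse import unquote

SCHEME = "chromehtml:"   # handler scheme named in the advisory
MAX_DECODE_ROUNDS = 5    # assumption: bound on nested percent-encoding

def fully_decode(value):
    """Percent-decode repeatedly so double-encoded characters are seen too."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("too many layers of percent-encoding")

def reject_reasons(raw_uri):
    """Return why raw_uri must not reach a command line; empty list means OK."""
    if not raw_uri.lower().startswith(SCHEME):
        return ["unexpected scheme"]
    try:
        decoded = fully_decode(raw_uri)
    except ValueError as exc:
        return [str(exc)]
    reasons = []
    if '"' in decoded:
        reasons.append("double quote can end the quoted argument")
    if any(ch.isspace() or ord(ch) < 0x20 for ch in decoded):
        reasons.append("whitespace or control character splits arguments")
    if any(tok.startswith("--") for tok in decoded.split()):
        reasons.append("token that parses as a command-line switch")
    return reasons

def build_argv(exe, raw_uri):
    """Build an argv list with the URI as one element after the '--' marker."""
    reasons = reject_reasons(raw_uri)
    if reasons:
        raise ValueError("rejected handler URI: " + "; ".join(reasons))
    # Assumption: the launched program treats '--' as end of switches.
    return [exe, "--", raw_uri]

# Constructed sample inputs (not taken from the advisory's exploit files).
SAMPLES = [
    "chromehtml:www.example.com/index.html",
    'chromehtml:www.example.com" --no-sandbox',
    "chromehtml:www.example.com%2522%2520--renderer-path=PLACEHOLDER",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", reject_reasons(sample) or "ok")
```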
Currently we are not aware of any vendor-supplied patches.
The following examples are available: /data/vulnerabilities/exploits/chromeHTML_exploit.html /data/vulnerabilities/exploits/32997-2.html