CVE-2008-5749 - Code Injection vulnerability in Google Chrome






** DISPUTED ** Argument injection vulnerability in Google Chrome on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."


Google Chrome is prone to a vulnerability that lets attackers inject command-line parameters through protocol handlers. This issue occurs because the application fails to adequately sanitize user-supplied input.

Exploiting this issue would permit remote attackers to influence command options that can be called through the vulnerable protocol handler and to execute commands and arbitrary code with the privileges of a user running the application.

Google Chrome is vulnerable; other versions may also be affected.

Update (January 30, 2009): This issue occurs when the argument '--no-sandbox' is included in the URI passed to Google Chrome.


Currently we are not aware of any vendor-supplied patches.


The following examples are available:

  • /data/vulnerabilities/exploits/chromeHTML_exploit.html
  • /data/vulnerabilities/exploits/32997-2.html


CWE-94 - Code Injection

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:P)



  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

Vendor Product Versions
Google Chrome