Chrome Releases: Stable Update: Security Fix

Chrome Releases

Release updates from the Chrome team

Stable Update: Security Fix

Thursday, April 23, 2009

Edit (24 April): Removed "Such an attack only works if Chrome is not already running."

Google Chrome's Stable channel has been updated to 1.0.154.59 to fix a security issue:
CVE-2009-1412 ChromeHTML protocol handler same-origin bypassAn error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.
If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice.
See http://code.google.com/p/chromium/issues/detail?id=9860 for more details.
Affected versions: 1.0.154.55 and earlier
Severity: High. This allows universal cross-site scripting (UXSS) without user interaction under certain conditions.
Credit: Roi Saltzman (roisa@il.ibm.com) Security Researcher at IBM Rational Application Security Research Group
--Mark LarsonGoogle Chrome Program Manager

Labels: Stable updates

Labels

Admin Console 43
Android WebView 19
Beta 20
Beta updates 1835
chrome 9
Chrome Dev for Android 81
Chrome for Android 785
Chrome for iOS 289
Chrome for Meetings 5
Chrome OS 1132
Chrome OS Flex 9
Chrome OS Management 12
Chromecast Update 6
ChromeOS 98
ChromeOS Flex 98
Desktop Update 930
dev update 261
Dev updates 1389
Early Stable Updates 26
Extended Stable updates 80
Flash Player update 5
Hangouts Meet hardware 5
LTS 54
stable 8
Stable updates 1065

Archive

2023
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2022
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2021
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2020
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2019
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2018
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2017
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2016
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2015
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2014
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2013
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2012
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2011
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2010
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2009
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2008
- Dec
- Nov
- Oct
- Sep

Give us feedback in our
Product Forums.

Google
Privacy
Terms