Chrome Releases: Stable Update: Security Fix

Chrome Releases

Release updates from the Chrome team

Stable Update: Security Fix

Thursday, April 23, 2009

Edit (24 April): Removed "Such an attack only works if Chrome is not already running."

Google Chrome's Stable channel has been updated to 1.0.154.59 to fix a security issue:
CVE-2009-1412 ChromeHTML protocol handler same-origin bypassAn error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.
If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice.
See http://code.google.com/p/chromium/issues/detail?id=9860 for more details.
Affected versions: 1.0.154.55 and earlier
Severity: High. This allows universal cross-site scripting (UXSS) without user interaction under certain conditions.
Credit: Roi Saltzman (roisa@il.ibm.com) Security Researcher at IBM Rational Application Security Research Group
--Mark LarsonGoogle Chrome Program Manager

Labels: Stable updates

Labels

Admin Console 43
Android WebView 19
Beta 26
Beta update 16
Beta updates 2204
chrome 15
Chrome Dev for Android 182
Chrome for Android 1124
Chrome for iOS 482
Chrome for Meetings 5
Chrome OS 1168
Chrome OS Flex 34
Chrome OS Management 13
Chromecast Update 6
ChromeOS 335
ChromeOS Flex 329
Desktop Update 1320
dev update 267
Dev updates 1623
Early Stable Updates 74
Extended Stable updates 180
Flash Player update 5
Flex 1
Hangouts Meet hardware 5
LTS 122
stable 12
Stable updates 1430

Archive

2026
- Jan

2025
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2024
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2023
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2022
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2021
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2020
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2019
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2018
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2017
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2016
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2015
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2014
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2013
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2012
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2011
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2010
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2009
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2008
- Dec
- Nov
- Oct
- Sep

Give us feedback in our
Product Forums.

Google
Privacy
Terms