4.3

CVE-2009-1413

EPSS 0.24%
Published 24.04.2009 15:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site.  NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version1.0.154.36

Google ≫ Chrome Version1.0.154.39

Google ≫ Chrome Version1.0.154.42

Google ≫ Chrome Version1.0.154.43

Google ≫ Chrome Version1.0.154.46

Google ≫ Chrome Version1.0.154.53

Google ≫ Chrome Version1.0.154.59

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.434

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc

Vendor Advisory

http://code.google.com/p/chromium/issues/detail?id=9860

https://exchange.xforce.ibmcloud.com/vulnerabilities/50447

https://nvd.nist.gov/vuln/detail/CVE-2009-1413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1413

EUVD