Google Chrome has been updated to 126.96.36.199 to fix a security vulnerability in the handling of ChromeHTML URIs (Uniform Resource Identifiers) that allows an attacker to bypass the Same Origin Policy for any site and enumerate victim’s files and directories.
According to an advisory from Google, the issue permits universal cross-site scripting without user interaction.
“If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs and load scripts that run after navigating to a URL of the attacker’s choice,” the advisory stated.
The vulnerability was discovered by IBM security researcher Roi Saltzman, who noted in a blog post that the processing of URL protocol handlers has been an ongoing issue with Internet Explorer. A similar situation was uncovered in 2007 involving Internet Explorer and Firefox.
“These issues pose a major threat to any user that browses a maliciously crafted page using Internet Explorer and has Google Chrome installed alongside,” Saltzman wrote. “It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications.”
A more detailed advisory can be downloaded off the IBM Rational Application Security Insider blog.