Strix
26.1K

CVE-2009-0374

UnknownEPSS 2.40%

Last modified

CVE-2009-0374 is a vulnerability of currently unknown severity. Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.. EPSS estimates a 2.40% chance of exploitation in the next 30 days.

Description

Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.

Metrics

EPSS Probability
2.40%

81.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
GoogleChrome1.0.154.43

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-0374?
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.
How severe is CVE-2009-0374?
Severity scoring for CVE-2009-0374 is pending analysis. The EPSS model estimates a 2.40% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0374?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0374?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST