CVE-2009-1413
Last modified
CVE-2009-1413 is a vulnerability of currently unknown severity. Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability.. EPSS estimates a 0.84% chance of exploitation in the next 30 days.
Description
Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. NOTE: this can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chrome | 1.0.154.36 | |
| Chrome | 1.0.154.39 | |
| Chrome | 1.0.154.42 | |
| Chrome | 1.0.154.43 | |
| Chrome | 1.0.154.46 | |
| Chrome | 1.0.154.53 | |
| Chrome | 1.0.154.59 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-1413?
How severe is CVE-2009-1413?
How do I fix CVE-2009-1413?
Are you affected by CVE-2009-1413?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST