Bug 277378 (CVE-2009-2352)

Summary:	<=www-client/chromium-bin-? XSS/javascript header Injection (CVE-2009-2352)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	trivial	CC:	voyageur
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	~3 [noglsa]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2009-07-10 23:29:43 UTC

CVE-2009-2352 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2352):
  Google Chrome 1.0.154.48 and earlier does not block javascript: URIs
  in Refresh headers in HTTP responses, which allows remote attackers
  to conduct cross-site scripting (XSS) attacks via vectors related to
  (1) injecting a Refresh header or (2) specifying the content of a
  Refresh header, a related issue to CVE-2009-1312.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-07-10 23:30:48 UTC

I'm not sure about the versioning here, voyageur do you have information on this one, too?

Comment 2 Bernard Cafarelli gentoo-dev

2009-07-15 10:51:19 UTC

This looks like http://code.google.com/p/chromium/issues/detail?id=9860 (or 9862 to be precise, but this one is private)

Anyway, official google chrome 1.0.154.48 was revision 14361:
http://src.chromium.org/viewvc/chrome/releases/1.0.154.59/src/chrome/?sortby=log&view=log
So for us it's fixed (at least) from chromium-bin-0_p14361, oldest in tree currently is 20016

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2009-07-15 18:44:11 UTC

Thanks! Closing INVALID.