Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0374

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0374
Last Modified 02 Feb 2009 12:00:00
Published 30 Jan 2009 04:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0374

Summary

** DISPUTED ** Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue."

Vulnerable Systems

Application

  • Google Chrome 1.0.154.43


References

BUGTRAQ - 20090128 Re: Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability.

BUGTRAQ - 20090128 Advisory: Google Chrome 1.0.154.43 ClickJacking Vulnerability.

MISC - http://www.secniche.org/gcr_clkj/

MILW0RM - 7903


Last Updated: 27 May 2016 10:50:14