CVE-2009-2352

Name of the Vulnerable Software and Affected Versions Google Chrome versions 1.0.154.48 and earlier Google Chrome version 2.0.172.28 Google Chrome version 2.0.172.37 Google Chrome version 3.0.193.2 Beta

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Refresh header or specifying the content of a Refresh header in HTTP responses. This is due to the failure to block javascript: URIs in Refresh headers.

Recommendations For Google Chrome versions 1.0.154.48 and earlier, update to a version later than 1.0.154.48 to resolve the issue. For Google Chrome version 2.0.172.28, update to a version later than 2.0.172.28 to resolve the issue. For Google Chrome version 2.0.172.37, update to a version later than 2.0.172.37 to resolve the issue. For Google Chrome version 3.0.193.2 Beta, update to a version later than 3.0.193.2 Beta to resolve the issue.