Roi Saltzman

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 1.0.154.59 **Description** The issue allows remote attackers to determine the existence of files and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction. This can be achieved via a web page that sets `document.location` to a `chromehtml:` value, such as using a `javascript:` or `data:` URL. It is also noted that this issue can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions. **Recommendations** For versions prior to 1.0.154.59, update to version 1.0.154.59 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `chromehtml:` protocol handler to minimize the risk of exploitation. Avoid using the `document.location` property to set `chromehtml:` values in web pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions 1.0.x **Description** The issue makes it easier for attackers to conduct Universal XSS attacks. This is achieved by calling `setTimeout` to trigger future execution of JavaScript code and then modifying `document.location` to arrange for JavaScript execution in the context of an arbitrary web site. This can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability. **Recommendations** For Google Chrome versions 1.0.x, as a temporary workaround, consider disabling the use of `setTimeout` for executing JavaScript code until a patch is available. Restrict access to modifying `document.location` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions 2.0.x **Description** The issue allows modifications to the global object to persist across a page transition, making it easier for attackers to conduct Universal XSS attacks. **Recommendations** For Google Chrome versions 2.0.x, update to a version that contains a fix for this issue.