PT-2008-6799 · Google · Google Chrome

Nine:Situations:Group · Published 2008-12-29 · Updated 2024-08-07 · CVE-2008-5749

CVSS v2.0

6.8 Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Google Chrome version 1.0.154.36

Description

The issue allows remote attackers to execute arbitrary commands via the --renderer-path option in a "chromehtml: URI" API endpoint. A third party disputes this issue, stating that Chrome will ask for user permission and cannot launch the applet even if permission is given.

Recommendations

For Google Chrome version 1.0.154.36, consider disabling the --renderer-path option as a temporary workaround until a patch is available. Restrict access to the "chromehtml: URI" API endpoint to minimize the risk of exploitation. Avoid using the --renderer-path option in the affected API endpoint until the issue is resolved.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2008-5749

Affected Products

Google Chrome