PT-2009-3919 · Google · Google Chrome
Roi Saltzman · Published 2009-04-24 · Updated 2017-08-17 · CVE-2009-1413
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Google Chrome versions 1.0.x
Description
The issue makes it easier for attackers to conduct Universal XSS attacks. This is achieved by calling setTimeout to trigger future execution of JavaScript code and then modifying document.location to arrange for JavaScript execution in the context of an arbitrary web site. This can be leveraged for a remote attack by exploiting a chromehtml: argument-injection vulnerability.
Recommendations
For Google Chrome versions 1.0.x, as a temporary workaround, consider disabling the use of setTimeout for executing JavaScript code until a patch is available. Restrict access to modifying document.location to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome