PT-2009-6147 · Microsoft (+2) · Internet Explorer (+2) · Infernosec (+1) · Published 2009-11-12 · Updated 2017-08-17 · CVE-2009-3931

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 3.0.195.32

Description: The issue allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation. This can be demonstrated by various file types, including .mht and .mhtml files, which are automatically executed by Internet Explorer 6, .svg files executed by Safari, and other file types such as .xml, .htt, .xsl, .xslt, and certain image files that are forbidden by the victim's site policy.

Recommendations: For versions prior to 3.0.195.32, update to version 3.0.195.32 or later to resolve the issue. As a temporary workaround, consider restricting the download of potentially dangerous file types to minimize the risk of exploitation. Avoid using the Content-Disposition: attachment designation for files that could be automatically executed by other browsers, such as .mht, .mhtml, and .svg files, until the issue is resolved.
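The workaround of restricting downloads of the listed file types can be enforced at a proxy or in a server's response filter. The following is an added example, not code from this advisory or from any vendor named on it: it parses a Content-Disposition header (plain filename= and the RFC 5987 filename*= form) and flags forced downloads whose extension is one the description lists. The RISKY_EXTENSIONS set and the function names are assumptions of this example.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Extensions the advisory names as auto-executed by other browsers or
# forbidden by site policy when served as a forced download.
RISKY_EXTENSIONS = {
    "mht", "mhtml",                  # opened by Internet Explorer 6
    "svg",                           # rendered by Safari
    "xml", "htt", "xsl", "xslt",     # other types listed in the description
}

# Matches "; filename=..." or "; filename*=..." with a quoted or bare value.
_PARAM = re.compile(r';\s*(filename\*?)\s*=\s*("([^"]*)"|([^;]*))', re.IGNORECASE)


def attachment_filename(content_disposition: str) -> Optional[str]:
    """Return the filename carried by a Content-Disposition header, or None.

    Prefers the RFC 5987 filename*=charset'lang'percent-encoded form over a
    plain filename= parameter when both are present, as browsers do.
    """
    plain, extended = None, None
    for m in _PARAM.finditer(content_disposition):
        value = (m.group(3) if m.group(3) is not None else m.group(4)).strip()
        if m.group(1).lower() == "filename*":
            parts = value.split("'", 2)          # charset, language, value
            if len(parts) == 3:
                extended = unquote(parts[2], encoding=parts[0] or "utf-8",
                                   errors="replace")
        else:
            plain = value
    return extended or plain


def is_risky_attachment(content_disposition: str) -> bool:
    """True when the header forces a download (type 'attachment') of a file
    whose final extension is in RISKY_EXTENSIONS (case-insensitive)."""
    disp_type = content_disposition.split(";", 1)[0].strip().lower()
    if disp_type != "attachment":
        return False
    name = attachment_filename(content_disposition)
    if not name:
        return False
    # Normalize: drop any path component and trailing dots/whitespace.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". \t")
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    return ext in RISKY_EXTENSIONS
```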

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2009-3931

Affected Products

Google Chrome
Internet Explorer
Safari