HTTP: Google Chrome GURL Cross Origin Bypass

This signature detects attemps to exploit a known Cross Origin Bypass vulnerability in Google Chrome Web browser. The vulnerability is due to insufficient validation of URLs in the Google URL (GURL) component, which can lead to violation of the same origin policy. Remote attackers can exploit this by enticing target users to visit a malicious Web site. A successful exploitation can result in information disclosure and execution of active content outside the prescribed context.

Extended Description

Google Chrome is prone to a cross-domain security-bypass vulnerability. An attacker can exploit this vulnerability to bypass the same-origin policy. Other attacks are also possible. Versions prior to Chrome 4.1.249.1064 are vulnerable. NOTE: This issue was previously covered in BID 39603 (Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Affected Products

Google chrome

Short Name
HTTP:STC:CHROME:GURL-XO-BYPASS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Bypass CVE-2010-1663 Chrome Cross GURL Google Origin bid:39813
Release Date
09/27/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Google

CVSS Score

10.0

Found a potential security threat?