The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin prior to 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote malicious users to cause a denial of service (application crash) via an _blank value for the target attribute of an A element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome frame 15.0.874.121 |
||
google chrome frame |
||
google chrome frame 16.0.912.63 |