The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome prior to 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote malicious users to obtain sensitive information from local files via a crafted (1) http or (2) https web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
debian debian linux 7.0 |