The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome prior to 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote malicious users to trigger access to an arbitrary URL via a crafted extension that is uninstalled.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |