Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2010-0657

Description

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.

POC

Reference

- http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Github

No PoCs found on GitHub currently.