CVE-2009-3934
Summary
The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.
- MEDIUM
- NETWORK
- NONE
- NONE
- NONE
- PARTIAL
References
Advisory Timeline
- Published