Information from Owen
Vulnerability ID:JVN#98975951
Title:Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
■ Overview
There is a cross site scripting vulnerability in the Chrome extension "5000 trillion yen converter".
■ Affected version
1.0.6
■ Detailed Information
There is a vulnerability in Chrome extension "5000 trillion yen convertor" that arbitrary JavaScript can be executed when a user browses a page containing a character string which an attacker has crafted.
■ Expected impact
By posting or displaying a specially crafted character string, cookies are read and there is a possibility that information leaks.
■ Measures
Please update.
If Chrome's automatic update is enabled, it will be automatically updated to the latest version.
