Google Chrome 'chromeHTML://' Command Line Parameter Injection Vulnerability
Google Chrome is prone to a vulnerability that lets attackers inject command-line parameters through protocol handlers. This issue occurs because the application fails to adequately sanitize user-supplied input.
Exploiting this issue would permit remote attackers to influence command options that can be called through the vulnerable protocol handler and to execute commands and arbitrary code with the privileges of a user running the application.
Google Chrome 126.96.36.199 is vulnerable; other versions may also be affected.
Update (January 30, 2009): This issue occurs when the argument '--no-sandbox' is included in the URI passed to Google Chrome.