The host is installed with Google Chrome before 4.0.249.78 and is prone to information disclosure vulnerability. A flaw is present in the application which does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut. Successful exploitation allow user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.