chrome has injection vulnerability. The vulnerability exists due to a lack of validation of untrusted input in Settings allowing an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.