QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0276

Published: Feb 3, 2009

Modified: Sep 17, 2024

PUBLISHED

Description

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html

x_refsource_CONFIRM

http://src.chromium.org/viewvc/chrome?view=rev&revision=8524

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes

x_refsource_CONFIRM

http://codereview.chromium.org/18531

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.