Back to search
CVE-2009-3264
Published: Sep 18, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
58193
vdb-entry
x_refsource_OSVDB
36416
vdb-entry
x_refsource_BID
http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html
x_refsource_CONFIRM
36770
third-party-advisory
x_refsource_SECUNIA
http://code.google.com/p/chromium/issues/detail?id=21338
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now