5
CVSSv2

CVE-2009-0276

Published: 03/02/2009 Updated: 04/02/2009
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome prior to 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.

Affected Products

Vendor Product Versions
GoogleChrome0.2.152.1, 0.2.153.1, 0.3.154.0, 0.3.154.3, 0.4.154.18, 0.4.154.22, 0.4.154.31, 0.4.154.33, 1.0.154.36, 1.0.154.39, 1.0.154.42, 1.0.154.43