NA
CVSSv3

CVE-2009-0411

CVSSv4: NA | CVSSv3: NA | CVSSv2: 5 | VMScore: 600 | EPSS: 0.00302 | KEV: Not Included
Published: 03/02/2009 Updated: 21/11/2024

Vulnerability Summary

Google Chrome prior to 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote malicious users to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

google chrome 0.2.152.1

google chrome 0.2.153.1

google chrome 0.3.154.0

google chrome 0.3.154.3

google chrome 0.4.154.18

google chrome 0.4.154.22

google chrome 0.4.154.31

google chrome 0.4.154.33

google chrome 1.0.154.36

google chrome 1.0.154.39

google chrome 1.0.154.42