The DOM implementation in Google Chrome prior to 12.0.742.91 allows remote malicious users to bypass the Same Origin Policy via unspecified vectors.
google chrome