The DOM implementation in Blink, as used in Google Chrome prior to 45.0.2454.85, allows remote malicious users to bypass the Same Origin Policy via unspecified vectors.
google chrome