The extensions subsystem in Google Chrome prior to 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote malicious users to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
Vulnerable Product |
---|
google chrome |