CVE-2009-0276
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/02/2009
Last modified:
04/02/2009
Description
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 1.0.154.43 (including) | |
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:* | ||
cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://codereview.chromium.org/18531
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://secunia.com/advisories/33754
- http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes
- http://src.chromium.org/viewvc/chrome?view=rev&revision=8524