Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0276

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0276
Last Modified 04 Feb 2009 12:00:00
Published 03 Feb 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0276

Summary

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.

Vulnerable Systems

Application

  • Google Chrome 0.2.152.1

  • Google Chrome 0.2.153.1

  • Google Chrome 0.3.154.0

  • Google Chrome 0.3.154.3

  • Google Chrome 0.4.154.18

  • Google Chrome 0.4.154.22

  • Google Chrome 0.4.154.31

  • Google Chrome 0.4.154.33

  • Google Chrome 1.0.154.36

  • Google Chrome 1.0.154.39

  • Google Chrome 1.0.154.42

  • Google Chrome 1.0.154.43


References

CONFIRM - http://src.chromium.org/viewvc/chrome?view=rev&revision=8524

CONFIRM - http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes

SECUNIA - 33754

CONFIRM - http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html

CONFIRM - http://codereview.chromium.org/18531


Last Updated: 27 May 2016 10:50:11