Moderate

CVE-2009-0276 - Unspecified vulnerability in Google Chrome

Publication: 2009-02-03
Summary

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Google Chrome 0.2.152.1
  • Google Chrome 0.2.153.1
  • Google Chrome 0.3.154.0
  • Google Chrome 0.3.154.3
  • Google Chrome 0.4.154.18
  • Google Chrome 0.4.154.22
  • Google Chrome 0.4.154.31
  • Google Chrome 0.4.154.33
  • Google Chrome 1.0.154.36
  • Google Chrome 1.0.154.39
  • Google Chrome 1.0.154.42
  • Google Chrome 1.0.154.43