Vulnerabilities > CVE-2009-0276 - Unspecified vulnerability in Google Chrome
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | GOOGLE_CHROME_1_0_154_46.NASL |
| description | The version of Google Chrome installed on the remote host is earlier than 1.0.154.46. Such versions are reportedly affected by several issues : - Cross-site scripting vulnerabilities in the Adobe Reader Plugin itself could be leveraged using a PDF document to run scripts on arbitrary sites via Google Chrome. (CVE-2007-0048 and CVE-2007-0045) - A cross-domain security-bypass vulnerability that could allow an attacker to bypass the same-origin policy and gain access to potentially sensitive information. (CVE-2009-0276) - A remote attacker may be able to gain access to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 35558 |
| published | 2009-01-31 |
| reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/35558 |
| title | Google Chrome < 1.0.154.46 Multiple Vulnerabilities |
References
- http://codereview.chromium.org/18531
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://secunia.com/advisories/33754
- http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes
- http://src.chromium.org/viewvc/chrome?view=rev&revision=8524