Same origin policy bypass vulnerability in Google Chrome via a crafted script (rpm)ID: oval:org.secpod.oval:def:36782 | Date: (C)2016-08-22 (M)2022-03-23 |
Class: VULNERABILITY | Family: unix |
The host is installed with Google Chrome before 1.0.154.46 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. Successful exploitation allows remote attackers to bypass same origin policy.