Google : Security Vulnerabilities, CVEs, Published In February 2009
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
Max CVSS
5.0
EPSS Score
0.30%
Published
2009-02-03
Updated
2017-08-08
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
Max CVSS
5.0
EPSS Score
0.23%
Published
2009-02-03
Updated
2009-02-04
2 vulnerabilities found