Vulnerabilities

CVE-2009-3264

by Fred · 18/09/2009

The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user’s visit to a different web server that hosts an SVG document.

Date published : 2009-09-18

http://www.securityfocus.com/bid/36416

http://code.google.com/p/chromium/issues/detail?id=21338

Similar

Tags: Cybersecurity Alert