CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
71.9%
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
Vendor | Product | Version | CPE |
---|---|---|---|
chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
chrome | 0.2.152.1 | cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:* | |
chrome | 0.2.153.1 | cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:* | |
chrome | 0.3.154.0 | cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:* | |
chrome | 0.3.154.3 | cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:* | |
chrome | 0.4.154.18 | cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:* | |
chrome | 0.4.154.22 | cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:* | |
chrome | 0.4.154.31 | cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:* | |
chrome | 0.4.154.33 | cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:* | |
chrome | 1.0.154.36 | cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:* |