CVE-2009-2060
Google Chrome before 1.0.154.53 is affected by an SSL/tampering flaw: the browser uses the HTTP Host header to determine the context of a 4xx/5xx CONNECT response from a proxy, enabling a man-in-the-middle to run arbitrary script in the context of a legitimate server. This is described in CVE-200...