Google Gears WorkerPool API 'allowCrossOrigin()' Same Origin Policy Violation Vulnerability

Google Gears is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling WorkerPool objects.

An attacker may violate the same-origin policy and obtain sensitive information, including authentication credentials for web applications. Other attacks are also possible.

Google Gears versions prior to 0.5.4 are vulnerable.


