Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability

Google Chrome is prone to a cross-domain scripting vulnerability.

An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information, or to launch spoofing attacks against other sites.

Versions prior to Chrome are vulnerable.

NOTE: This issue was previously covered in BID 39603 (Google Chrome prior to Multiple Security Vulnerabilities) but has been assigned its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus