Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability

Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability

Google Chrome is prone to a cross-domain scripting vulnerability.

An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information, or to launch spoofing attacks against other sites.

Versions prior to Chrome 4.1.249.1059 are vulnerable.

NOTE: This issue was previously covered in BID 39603 (Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.