Title: Google Chrome Frame Same Origin Policy Bypass Vulnerability
Severity: MODERATE
Description:
Google Chrome Frame is a plugin for Microsoft Internet Explorer.
Google Chrome Frame is prone to a vulnerability that allows attackers to bypass the same-origin policy. The issue occurs when processing links that use the 'cf:view-source:' handler. This may allow supplied JavaScript code to run within a different security context than the origin domain's context.
Attackers may exploit this issue to violate the same-origin policy and perform actions with elevated privileges. Other attacks may also be possible.
Google Chrome Frame 4.0.223.9 and earlier versions are affected.
Affected Products:
- Google Chrome Frame 4.0.223.9
References:
- Google: Google Chrome Frame Homepage
- Google: Google Chrome Frame Update: Bug Fixes
- Lostmon: Google Chrome Frame null domain XSS
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
