Unrated severityNVD Advisory· Published Feb 3, 2009· Updated Jun 16, 2026
CVE-2009-0276
CVE-2009-0276
Description
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=1.0.154.43
- cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
- (no CPE)range: <1.0.154.46
- Range: <1.0.154.46
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.