VYPR
Unrated severityNVD Advisory· Published Feb 3, 2009· Updated Jun 16, 2026

CVE-2009-0276

CVE-2009-0276

Description

Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • Google/Chrome13 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=1.0.154.43
    • cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
    • (no CPE)range: <1.0.154.46
  • Range: <1.0.154.46

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.