VYPR
Unrated severityNVD Advisory· Published Feb 3, 2009· Updated Jun 16, 2026

CVE-2009-0411

CVE-2009-0411

Description

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • Google/Chrome13 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=1.0.154.43
    • cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
    • (no CPE)range: <1.0.154.46

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.