Unrated severityNVD Advisory· Published May 11, 2009· Updated Jun 16, 2026
CVE-2009-1598
CVE-2009-1598
Description
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- osv-coords8 versionspkg:apk/chainguard/chromiumpkg:apk/chainguard/chromium-docker-selenium-compatpkg:apk/chainguard/chromium-langpkg:apk/chainguard/chromium-qtpkg:apk/wolfi/chromiumpkg:apk/wolfi/chromium-docker-selenium-compatpkg:apk/wolfi/chromium-langpkg:apk/wolfi/chromium-qt
< 0+ 7 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
2- secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdfnvdExploitThird Party Advisory
- www.securityfocus.com/archive/1/503183/100/0/threadednvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.