Google Chrome Image Read Access Restriction Same Origin Policy Bypass Remote Information Disclosure

oval:org.mitre.oval:def:11221

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

Family: windows
Status: ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows 2000
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows XP
  • Microsoft Windows Server 2008
Class: vulnerability
Reference(s):
  • CVE-2010-3259
Product(s):
  • Google Chrome