Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 1.0.154.43 (including) | |
Chrome | 0.2.152.1 (including) | 0.2.152.1 (including) | |
Chrome | 0.2.153.1 (including) | 0.2.153.1 (including) | |
Chrome | 0.3.154.0 (including) | 0.3.154.0 (including) | |
Chrome | 0.3.154.3 (including) | 0.3.154.3 (including) | |
Chrome | 0.4.154.18 (including) | 0.4.154.18 (including) | |
Chrome | 0.4.154.22 (including) | 0.4.154.22 (including) | |
Chrome | 0.4.154.31 (including) | 0.4.154.31 (including) | |
Chrome | 0.4.154.33 (including) | 0.4.154.33 (including) | |
Chrome | 1.0.154.36 (including) | 1.0.154.36 (including) | |
Chrome | 1.0.154.39 (including) | 1.0.154.39 (including) | |
Chrome | 1.0.154.42 (including) | 1.0.154.42 (including) |