Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 96.0.4664.45 (excluding) |