CVE-2011-0778 Information

Description

Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

Reference

http://code.google.com/p/chromium/issues/detail?id=59081 http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://secunia.com/advisories/43368 http://www.debian.org/security/2011/dsa-2166 http://www.debian.org/security/2011/dsa-2188 http://www.vupen.com/english/advisories/2011/0408 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14228