Permissive Cross-domain Policy with Untrusted Domains
CVE-2021-30582
Summary
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
The software uses a cross-domain policy file that includes domains that should not be trusted.
References
Advisory Timeline
- Published
