Permissive Cross-domain Policy with Untrusted Domains
CVE-2025-3071
Summary
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page.
- LOW
- NETWORK
- ACTIVE
- NONE
CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
The software uses a cross-domain policy file that includes domains that should not be trusted.
References
Advisory Timeline
- Published
