CVE-2009-0411
CVE-2009-0411 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
Learn more about our Cis Benchmark Audit For Google Chrome.