- CVE-2007-0048 and CVE-2007-0045: Workaround for Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
- Severity: Moderate. This could allow a PDF document to run scripts on arbitrary sites.
- Severity: High. A malicious script in a page could read the full URL of another frame, and possibly other attributes or data from another frame in a different origin. This could disclose sensitive information from one website to a third party.
The patch (see release notes) also fixes problems with Yahoo Mail and Windows Live Hotmail.
- Google adds HTTPS-only browsing to Chrome
- Google Chrome, the security tidbits
- Google Chrome vulnerable to carpet-bombing flaw
- Google hires browser hacking guru