CVE-2008-6512

Name of the Vulnerable Software and Affected Versions Google Gears versions prior to 0.5.4.2

Description The issue allows remote attackers to bypass the Same Origin Policy and the intended access restrictions by hosting a file containing Google Gear commands on the target domain and accessing it from the attacking domain. This occurs because the response headers are not checked, causing the worker code to run in the target domain.

Recommendations For Google Gears versions prior to 0.5.4.2, update to version 0.5.4.2 or later to resolve the issue.