CVE-2009-3263

Name of the Vulnerable Software and Affected Versions Google Chrome versions 2.x through 3.0.195.20

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an RSS or Atom feed. This is related to the rendering of the application/rss+xml content type as XML "active content."

Recommendations For Google Chrome versions 2.x through 3.0.195.20, update to version 3.0.195.21 or later to resolve the issue. As a temporary workaround, consider restricting the rendering of RSS and Atom feeds to minimize the risk of exploitation.