CVE-2010-1663

EIP tracks 1 public exploit for CVE-2010-1663. PoCs published by Jordi Chancel.

AI-analyzed exploit summary This exploit demonstrates a cross-origin bypass in Google Chrome's URL parsing library (GURL) by using escape characters (e.g., tab, newline) to obfuscate the 'javascript:' protocol, bypassing the Same Origin Policy. The PoC triggers an alert with document.cookie, proving arbitrary JavaScript execution in a different origin context.

The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.