Version 0.5.4 reportedly includes a fix: http://www.securityfocus.com/bid/32698/discuss
<<Google Gears is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling WorkerPool objects.>>
[edit: snippet added. -Philipp] |