Work around for "Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability" CVE: CVE-2007-0048, CVE-2007-0045Google Chrome now refuses requests for javascript: URLs in Netscape Plugin API (NPAPI) requests from the Adobe Reader plugin. Adobe is aware of this issue and has helped us develop this mitigation while they work on a fix for all users.Severity: Moderate. This could allow a PDF document to run scripts on arbitrary sites.Credit: Thanks to Michael Schmidt for reporting this responsibly to Google.Javascript Same-Origin BypassCVE: CVE-2009-0276A bug in the V8 JavaScript engine could allow bypassing same-origin checks in certain situations.Severity: High. A malicious script in a page could read the full URL of another frame, and possibly other attributes or data from another frame in a different origin. This could disclose sensitive information from one website to a third party.Credit: Found internally by Google.