CVE 2011-0778
Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
See the
CVE page on Mitre.org
for more details.