Launchpad.net

CVE 2011-1435

Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.

See the CVE page on Mitre.org for more details.