The latest Google Chrome release, Chrome 50.0.2661.75, contains the fix for a low-severity security bug I found (CVE-2016-1658). When I first found this bug I was under the impression it could be a UXSS. Soon after I reported it, I started to realize that it wasn't as exploitable, though.

The issue per se was extremely easy to reproduce:

Create an HTML file that looks like this and save it (e.g. chrome.html):

    <h1>Hi</h1>
    <script> alert(document.domain)</script>

Now, supposing the file is saved under (in MacOS) /Users/xxx/Downloads/chrome.html, open the file from the hard disk in this way:

    file://mail.google.com/Users/xxx/Downloads/chrome.html

Note: mail.google.com is arbitrary. This can be any domain (hence it is universal).

Observe that the document.domain alerted is mail.google.com!

Observe that the cookies transported are the ones associated with the *.google.com domain.

Now this looked really weird to me and I reported as an...
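
A defender-side check for the URL shape described above, as an added example that is not part of the original post: it parses each URL with the standard WHATWG `URL` class and flags `file:` URLs whose host part names something other than the local machine. The function names, the local-host list and the sample URLs (other than the one taken from the post) are assumptions made for this illustration.

```javascript
// Hosts that mean "this machine" in a file: URL (assumption of this sketch).
const LOCAL_FILE_HOSTS = new Set(['', 'localhost']);

// Parse one URL string and report how its host (authority) part is read.
function inspectFileUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch (err) {
    return { valid: false, isFile: false, suspiciousHost: false };
  }
  if (url.protocol !== 'file:') {
    return { valid: true, isFile: false, host: url.hostname, suspiciousHost: false };
  }
  const host = url.hostname.toLowerCase();
  return {
    valid: true,
    isFile: true,
    host,                    // the parser keeps the host part of a file: URL
    path: url.pathname,      // the local path that is actually opened
    origin: url.origin,      // serialized origin as reported by this runtime
    // A local file addressed through a non-local host is the pattern in the post.
    suspiciousHost: !LOCAL_FILE_HOSTS.has(host),
  };
}

// Return only the inputs that are file: URLs carrying a non-local host.
function findSuspiciousFileUrls(urls) {
  return urls.filter((u) => inspectFileUrl(u).suspiciousHost);
}

// Constructed sample input; the first entry is the URL from the post.
const SAMPLE_URLS = [
  'file://mail.google.com/Users/xxx/Downloads/chrome.html',
  'file:///Users/xxx/Downloads/chrome.html',
  'file://localhost/Users/xxx/Downloads/chrome.html',
  'https://mail.google.com/',
  'not a url',
];

for (const u of SAMPLE_URLS) {
  const r = inspectFileUrl(u);
  console.log(u, '->', r.suspiciousHost ? `FLAG (host=${r.host})` : 'ok');
}
```

The same function can be run over URLs extracted from proxy logs, e-mail bodies or shortcut files to surface links that open a local file under a remote-looking host name.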