The Chromodo browser installed with Comodo Internet Security disables the same-origin policy by default. The issue was reported Jan. 21 and subject to Project Zero s 90-day disclosure deadline. The vendor, Ormandy said, removed a particular API he used in a proof-of-concept exploit. Google’s Project Zero research team published an advisory on Tuesday by Google’s research team. The same origin policy is a fundamental tenet of web security, ensuring scripts access data from a second webpage only if the two pages have the same origin.
Source: https://threatpost.com/chromodo-browser-disables-same-origin-policy/116131/