Cross-origin resource sharing is a mechanism to safely bypass the same-origin policy; that is, it allows a web page to access restricted resources from a server on a domain different than the domain that served the web page. From Wikipedia
A critical flaw in the Loader component enabling cross-origin data theft has been patched, but some Chromium-based browsers lag behind in deploying updates.
