During one of my bug bounty sessions on a program from YesWeHack, I came across an API with some personal information and the header Access-Control-Allow-Origin: *. Here is how I managed to steal the information and find a bug in Chrome. I build a minimal