Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Starred by 1 user
Status: WontFix
Owner: ----
Closed: May 2010
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 0
Type: Bug-Security

  • Only users with Commit permission may comment.

Sign in to add a comment
“tabnabbing" attack
Reported by, May 25 2010 Back to list
Potential for phishing attack described here:

Just tried it in Chrome 6.0.408.1 dev and it works.
Comment 1 by, May 25 2010
Status: WontFix
There isn't really anything to fix here. The hostname is the only authoritative 
identifier for a site, and we have measures like SafeBrowsing and hostname bolding to 
mitigate phishing attacks.

Comment 2 by, Mar 21 2011
Labels: Type-Security
Project Member Comment 3 by, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
Owner: ----
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 4 by, Mar 10 2013
Labels: -Type-Security Type-Bug-Security
Project Member Comment 5 by, Mar 11 2013
Labels: -Area-Undefined
Project Member Comment 6 by, Mar 13 2013
Labels: Restrict-View-EditIssue
Comment 7 by, Nov 18 2013
Labels: -Restrict-View-SecurityTeam
Bulk release of old security bug reports.

Project Member Comment 8 by, Feb 6 2014
Labels: -Restrict-View-EditIssue
Bulk update: removing view restriction from closed bugs.
Labels: allpublic
Note that sites can protect themselves somewhat from this phishing method by using <a href="..." rel="noopener" target="_blank"> to block access to their window object from within the openee. It might be that not all browsers support noopener, but some do.
Sign in to add a comment