Issue 590767

Starred by 2 users

Issue metadata

Status: Duplicate
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Security: same origin restriction violation

Reported by jubbynox@gmail.com, Feb 29 2016

Issue description

VULNERABILITY DETAILS
By manipulating document.domain within both a parent and a frame loaded from a sub domain, it is possible to create an iframe that is hidden from the parent, yet the iframe can still access objects within the parent (e.g. the DOM and scripts).

VERSION
Chrome Version: Version 48.0.2564.109 m
Operating System: Windows 10

REPRODUCTION CASE
Attached is a ZIP of two files: main.html, frame.html
Run these within a web server (HTTP, port 80), where both "testdomain.com" and "subdomain.testdomain.com" point to the web server.
The frame will alter the DOM of the parent and run a script from it, even though it has a different value for document.domain.

same_origin_restriction_violation.zip (803 bytes)
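The report turns on the difference between checking origins once, when a reference is captured, and re-checking them on every access (the "membrane-like checks" mentioned in comment 2). The following is an added model, not the reporter's attachment or Chromium code: it implements the HTML spec's "same origin-domain" predicate and the document.domain setter rule, then wraps a captured object in a Proxy that re-runs the check at access time. It goes one label deeper than the report's two hosts (frame.subdomain.testdomain.com is a constructed name) so that a legal document.domain change can turn a matching pair into a non-matching one.

```javascript
// Added model of the HTML spec's "same origin-domain" check; hosts are constructed, not the report's files.
function makeOrigin(scheme, host) {
  return { scheme, host, domain: null }; // domain stays null until document.domain is set
}

// Setter rule: the new value must equal, or be a suffix of, the current effective domain.
// (Simplified: real browsers also reject public suffixes such as "com" via the PSL.)
function setDocumentDomain(o, value) {
  const effective = o.domain === null ? o.host : o.domain;
  if (value !== effective && !effective.endsWith("." + value)) throw new Error("SecurityError: " + value);
  return { ...o, domain: value };
}

// Spec: same origin with both domains null, or identical scheme and identical non-null domains.
function sameOriginDomain(a, b) {
  if (a.domain === null && b.domain === null) return a.scheme === b.scheme && a.host === b.host;
  return a.domain !== null && b.domain !== null && a.scheme === b.scheme && a.domain === b.domain;
}

// Membrane: each property access re-checks the origins as they are *now*, not as they were at capture.
function membrane(target, currentOwner, currentAccessor) {
  return new Proxy(target, {
    get(t, prop) {
      if (!sameOriginDomain(currentOwner(), currentAccessor())) throw new Error("SecurityError: cross-origin access");
      return t[prop];
    },
  });
}

// Walk through: parent on subdomain.testdomain.com, frame one label deeper.
function scenario() {
  let parent = makeOrigin("http", "subdomain.testdomain.com");
  let frame = makeOrigin("http", "frame.subdomain.testdomain.com");
  const before = sameOriginDomain(parent, frame);            // false: different hosts, no opt-in
  parent = setDocumentDomain(parent, "subdomain.testdomain.com");
  frame = setDocumentDomain(frame, "subdomain.testdomain.com");
  const relaxed = sameOriginDomain(parent, frame);           // true: both opted in to the same domain
  const parentDoc = { title: "parent document" };            // object the frame captures while relaxed
  const guarded = membrane(parentDoc, () => parent, () => frame);
  const readWhileRelaxed = guarded.title;
  frame = setDocumentDomain(frame, "testdomain.com");        // legal shortening; domains now differ
  const after = sameOriginDomain(parent, frame);             // false
  let readAfter;
  try { readAfter = guarded.title; } catch (e) { readAfter = "denied"; }
  return { before, relaxed, readWhileRelaxed, after, readAfter, rawStillReadable: parentDoc.title };
}
```

The unwrapped `parentDoc` stays readable after the domain change, which is the behaviour the report describes; the membrane-wrapped reference is what a per-access check would give instead.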
Components: Blink>SecurityFeature
Labels: -Restrict-View-SecurityTeam Type-Bug
Owner: mkwst@chromium.org
mkwst, could you please take a look at this?

Comment 2 by mkwst@chromium.org, Feb 14 2017

Cc: dcheng@chromium.org
Labels: Pri-2
Owner: jochen@chromium.org
Status: Assigned (was: Unconfirmed)
jochen@, dcheng@, can you dupe this against the other bug talking about membrane-like checks for `document.domain` modifications affecting existing objects?

Comment 3 by jochen@chromium.org, Feb 14 2017

Mergedinto: 688093
Status: Duplicate (was: Assigned)