New issue
Advanced search Search tips

Issue 593216 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Mar 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: XSS in Google Chrome

Reported by prashant...@gmail.com, Mar 9 2016 
VULNERABILITY DETAILS
There is the XSS vulnerability in Google chrome version of 49.0.2623.87

VERSION
Chrome Version: [49.0.2623.87] + [stable, beta, or dev]
Operating System: [Windows 7]

REPRODUCTION CASE
I have attached the file. 
Payload is: Javascript:alert("xss")

Note: j should be capital and not small.
google report.pdf
500 KB Download

Comment 1 by infe...@chromium.org, Mar 10 2016

Status: WontFix (was: Unconfirmed)
Javascript: url don't get executed in the url bar, it gets stripped.

Comment 2 by prashant...@gmail.com, Mar 11 2016 

It get executed. As many times we try it get executed and not get stripped.
Project Member

Comment 3 by sheriffbot@chromium.org, Jun 17 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 1 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by sheriffbot@chromium.org, Oct 2 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Sign in to add a comment