New issue
Advanced search Search tips

Issue 606348 link

Starred by 1 user
Status: Duplicate
Owner: ----
Closed: Apr 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Crash Browser.

Reported by ezequiel...@janusautomation.com, Apr 25 2016 
Description:
When two unicode characters are entered in the password field forms authentication, the browser automatically "die" this without pressing the enter key

Tested on: Microsoft Windows [VersiĆ³n 10.0.10586]
Version: [Chrome 50.0.2661.75 (Build oficial) m (32 bits)] & [Opera 36.0.2130.65 ]

Steps to reproduce:
  1. Call form type: "Basic access authentication"  (WWW-Authenticate: Basic realm="domain x")
  2. Copy two charset unicode (ej:

Comment 1 Deleted

Comment 2 by ezequiel...@janusautomation.com, Apr 25 2016 

you app web for reported has a bug !, no can write any character unicode. 
here mi report: http://pastebin.com/GKrf1f52

Comment 3 by vakh@chromium.org, Apr 25 2016

Mergedinto: 606009
Status: Duplicate (was: Unconfirmed)

Comment 4 Deleted

Comment 5 by ezequiel...@janusautomation.com, Apr 27 2016 

Hello, 
Following my report, what is the next step?
The report is good or bad?
I may get some reward?, it's possible?

(Report: http://pastebin.com/GKrf1f52).

Comment 6 by elawrence@chromium.org, Apr 29 2016 

Thanks for the bug report! You've provided a good repro case for an existing known issue and that will be useful as we test the fix. 

Chrome only offers a bug bounty for security bugs; the program is described here: https://www.google.com/about/appsecurity/chrome-rewards/

Unfortunately, crash issues that cannot be exploited (like this one) are considered Denial-of-Service issues and are not eligible for bounties; see https://www.chromium.org/Home/chromium-security/reporting-security-bugs for the triage criteria.

Thanks again for reporting your repro steps!

Comment 7 by ezequiel...@janusautomation.com, Apr 29 2016 

Thank you, and until next bug. 
pd: my English is little. My Spanish (es-AR) is better (native).
Project Member

Comment 8 by sheriffbot@chromium.org, Aug 2 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 9 by sheriffbot@chromium.org, Oct 1 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 10 by sheriffbot@chromium.org, Oct 2 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 11 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Sign in to add a comment