Security: XSS is rendered before being redirected to an actual site that has an XSS payload
Reported by shipco...@gmail.com, May 4 2016
Issue description
VULNERABILITY DETAILS
I decided to report a vulnerability wherein an XSS payload is being executed and rendered before being redirected to an actual site. By adding <script>alert('hello world') in a website (example: evil.com) cached by Google for example, the payload is executed prior to being taken to evil.com.
Here is a sample wherein I used a defacement page of someone as an example:
1. Visit https://www.google.com.ph/search?sourceid=chrome-psyapi2&rlz=1C5CHFA_enPH690PH690&ion=1&espv=2&ie=UTF-8&q=LEYTE_PR1D3&oq=Ley&aqs=chrome.1.69i57j69i59j69i61j0l2j69i60.2788j0j7
2. If that doesn't work you can just type LEYTE_PR1D3 in the search field / engine
3. Click on the first website (in my case atozjob.com/images - attached is the screenshot) that is ranked one - XSS should pop up before being redirected (this is not open redirection)
In Firefox, it is not like this. I am taken to the website before the XSS payload is rendered.
VERSION
Chrome Version: Version 50.0.2661.94 (64-bit)
Operating System: Mac OS X El Capitan Version 10.11.14
REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug.
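The triage question behind a report like this is which origin an injected script actually executes in. A browser never renders the body of a 3xx response, so a payload stored on the target site can only run in the target's origin when the search engine answers with a plain 302; it can run in the redirector's origin only if the redirector serves a rendered 200 page (for example a meta-refresh interstitial) that itself contains the payload. The following Node.js model, added here as an example and not code from the report or from Chromium, follows a constructed redirect chain and records, hop by hop, whether the body renders and whether the payload is in a rendered body. The hosts search.example and target.example, the URL paths and all responses are constructed for the example.

```javascript
// Added example: trace a redirect chain and report the origin(s) in which an
// injected <script> would execute. All responses are constructed inline; no
// network access is made.

// Using location.origin instead of a fixed string makes the alert itself
// reveal which origin ran the script.
const PAYLOAD = "<script>alert(location.origin)</script>";

// Constructed responses keyed by absolute URL (assumed hosts and paths).
const RESPONSES = {
  // Plain 302 redirector: its body is never rendered.
  "https://search.example/url?q=https://target.example/images": {
    status: 302,
    headers: { location: "https://target.example/images" },
    body: "",
  },
  // Target site with the stored payload (a defaced page, as in the report).
  "https://target.example/images": {
    status: 200,
    headers: { "content-type": "text/html" },
    body: `<html><body>Defaced ${PAYLOAD}</body></html>`,
  },
  // Hypothetical 200 interstitial that reflects the payload and then
  // navigates via meta refresh: the only shape in which the script would
  // also run in the redirector's origin.
  "https://search.example/interstitial?q=https://target.example/images": {
    status: 200,
    headers: { "content-type": "text/html" },
    body: `<html><head><meta http-equiv="refresh" content="0;url=https://target.example/images"></head><body>Redirecting ${PAYLOAD}</body></html>`,
  },
};

function originOf(url) {
  return new URL(url).origin;
}

// Return the absolute target of a <meta http-equiv="refresh"> tag, or null.
function metaRefreshTarget(body, baseUrl) {
  const m = body.match(
    /<meta[^>]+http-equiv=["']?refresh["']?[^>]+content=["']\s*\d+\s*;\s*url=([^"'\s>]+)/i
  );
  return m ? new URL(m[1], baseUrl).href : null;
}

// Follow the chain from startUrl. A hop "executes" the payload only when the
// browser renders that response (2xx) and the rendered body contains it.
function traceScriptExecution(startUrl, responses = RESPONSES, payload = PAYLOAD, maxHops = 10) {
  const hops = [];
  let url = startUrl;
  for (let i = 0; i < maxHops && url; i++) {
    const resp = responses[url];
    if (!resp) throw new Error(`no constructed response for ${url}`);
    const rendered = resp.status >= 200 && resp.status < 300;
    const executesHere = rendered && resp.body.includes(payload);
    hops.push({ url, origin: originOf(url), status: resp.status, rendered, executesHere });
    if (resp.status >= 300 && resp.status < 400 && resp.headers.location) {
      url = new URL(resp.headers.location, url).href; // HTTP redirect, body skipped
    } else if (rendered) {
      url = metaRefreshTarget(resp.body, url); // rendered page may navigate on its own
    } else {
      url = null;
    }
  }
  return {
    hops,
    executingOrigins: hops.filter((h) => h.executesHere).map((h) => h.origin),
  };
}

// Demonstration on the two constructed chains.
for (const start of Object.keys(RESPONSES).filter((u) => u.startsWith("https://search.example/"))) {
  const trace = traceScriptExecution(start);
  console.log(start, "->", trace.executingOrigins.join(", ") || "(no execution)");
}
```

With the plain 302 chain the script executes only in https://target.example; only the constructed interstitial chain reports the redirector's origin as well. The same check can be done by hand in a browser by making the payload alert location.origin rather than a fixed string and reading the origin shown in the dialog.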
May 11 2016
WontFix'ing this since no one else raised any concerns. Feel free to reopen if you disagree.
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 9 2016
Security>UX component is deprecated in favor of the Team-Security-UX label
Comment 1 by mbarbe...@chromium.org, May 10 2016: Components: Security>UX