VULNERABILITY DETAILS
Chromium checks for JavaScript from the URI reflected in the source code, to prevent Cross Site Scripting. This allows an attacker to modify the requested page by disabling genuine JavaScript features on the page. 


VERSION
Chrome Version: tested on 49.0.2623.112 but vulnerability probably exists on most versions
Operating System: Windows 7 SP1

REPRODUCTION CASE
Open attached .html file and open with following parameters:

test.html?x=%09<script>%0D%0A%09%09alert(1)%3B%0D%0A%09%09alert(2)%3B%0D%0A%09%09<%2Fscript>

Notice that only the third alert triggers, due to the first two being disabled by the browser. 
 

Deleted: test.html 138 bytes

test.html 138 bytes View Download