New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 617473 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jun 2016
Cc:
f...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Security: self xss

Reported by firatylm...@gmail.com, Jun 5 2016 
This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS

" google source code editing the CSS code that is added when you leads to security vulnerabilities on google "



VERSION
Chrome Version: [50.0.2661.102] + [dev]
Operating System: [Windows 10]

REPRODUCTION CASE
added.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [browser]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]
Adsız967986785678.jpg
90.9 KB View Download

Comment 1 by f...@chromium.org, Jun 6 2016

Cc: f...@chromium.org
Labels: -Type-Bug-Security Needs-Feedback Type-Bug
Status: WontFix (was: Unconfirmed)
Hi, thanks for the report.

If I understand right: you opened DevTools on Google search, added new code, and executed it?

Assuming I am correct: that is working as intended. Web users are able to self-XSS themselves by adding new code to websites, if they'd like. It isn't a great idea but it is not actually a bug in either Google or Chrome, since you've decided to do it to yourself.
Project Member

Comment 2 by sheriffbot@chromium.org, Sep 13 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment