Issue metadata
Sign in to add a comment
|
Security: Users can accidentally grant access to webcam/microphone
Reported by
studioso...@gmail.com,
Jun 13 2016
|
||||||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please see the following link for instructions on filing security bugs: http://www.chromium.org/Home/chromium-security/reporting-security-bugs VULNERABILITY DETAILS The popup for granting access to webcam/microphone has the "Allow" button on focus by default. Websites can get access users webcam/microphone without their permission by having users press the spacebar button in search bars. Reproduction linked below. This security flaw can be resolved by removing the autofocus on the popup. VERSION Chrome Version: 51.0.2704.79 (64-bit) + stable-channel parrot Operating System: Chrome OS (Chromebook) 8172.47.0 (Official Build) REPRODUCTION CASE https://jsfiddle.net/v8269bcm/
,
Jun 13 2016
,
Jun 13 2016
Thank you for the detailed report, we are handling this as a security vulnerability in another bug ID.
,
Oct 2 2016
,
Nov 12 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by nparker@chromium.org
, Jun 13 2016