Issue metadata
Sign in to add a comment
|
Security: Website can control/trigger keyboard
Reported by
rama10...@gmail.com,
Jun 18 2016
|
||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please see the following link for instructions on filing security bugs: http://www.chromium.org/Home/chromium-security/reporting-security-bugs VULNERABILITY DETAILS When we run a test on website ( http://www.browserscope.org/richtext2/test ), it can trigger keyboard and probably control it. VERSION Chrome Version: [51.0.2704.81] + [stable] Operating System: [Android, 6.0.1, and March security level] REPRODUCTION CASE Go to this http://www.browserscope.org/richtext2/test webpage and click run, it will trigger keyboard after few seconds. Thank you
,
Jun 19 2016
Hi, I mean keyboard opens up on it's own and starts to type. I can see that some buttons are getting pressed. I can't close the tab and keyboard while the test is running. I don't think it should be happening. It's probably a security risk because maybe the website can actually control the keyboard and exploit. Keyboard has access to special permissions such as contacts on Android, this could also be a potential privacy risk. Thank you
,
Jun 19 2016
Thank you for providing more feedback. Adding requester "estark@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 19 2016
,
Jun 20 2016
Ah, it looks like you are seeing synthesized keyboard events, where the website is generating keypresses in its own origin. But it can't read data or generate keypresses for other origins, so it doesn't present a security or privacy risk to users. See for example http://stackoverflow.com/questions/961532/firing-a-keyboard-event-in-javascript for a description of how this can be done.
,
Jun 21 2016
Thank you
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by est...@chromium.org
, Jun 19 2016