New issue
Advanced search Search tips

Issue 621321 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jun 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Website can control/trigger keyboard

Reported by rama10...@gmail.com, Jun 18 2016 
This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
When we run a test on website ( http://www.browserscope.org/richtext2/test ), it can trigger keyboard and probably control it. 

VERSION
Chrome Version: [51.0.2704.81] + [stable]
Operating System: [Android, 6.0.1, and March security level]

REPRODUCTION CASE
Go to this http://www.browserscope.org/richtext2/test webpage and click run, it will trigger keyboard after few seconds. Thank you

Comment 1 by est...@chromium.org, Jun 19 2016

Labels: Needs-Feedback
Hi, thanks for the report but I don't think I understand what you mean. Can you explain what you mean by "trigger keyboard" and what is the security risk to users?

Comment 2 by rama10...@gmail.com, Jun 19 2016 

Hi, I mean keyboard opens up on it's own and starts to type. I can see that some buttons are getting pressed. I can't close the tab and keyboard while the test is running. I don't think it should be happening. It's probably a security risk because maybe the website can actually control the keyboard and exploit. Keyboard has access to special permissions such as contacts on Android, this could also be a potential privacy risk. Thank you
Project Member

Comment 3 by sheriffbot@chromium.org, Jun 19 2016

Labels: -Needs-Feedback Needs-Review
Owner: est...@chromium.org
Thank you for providing more feedback. Adding requester "estark@chromium.org" for another review and adding "Needs-Review" label for tracking.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by ClusterFuzz, Jun 19 2016

Status: Assigned (was: Unconfirmed)

Comment 5 by est...@chromium.org, Jun 20 2016

Labels: -Restrict-View-SecurityTeam -Needs-Review Security_Impact-None
Owner: ----
Status: WontFix (was: Assigned)
Ah, it looks like you are seeing synthesized keyboard events, where the website is generating keypresses in its own origin. But it can't read data or generate keypresses for other origins, so it doesn't present a security or privacy risk to users. See for example http://stackoverflow.com/questions/961532/firing-a-keyboard-event-in-javascript for a description of how this can be done.

Comment 6 Deleted

Comment 7 by rama10...@gmail.com, Jun 21 2016 

Thank you
Project Member

Comment 8 by sheriffbot@chromium.org, Oct 1 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 9 by sheriffbot@chromium.org, Oct 2 2016 

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 10 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Sign in to add a comment