This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

In the collection of Web tags in the web site inside the input javascript:alert (location.href); void (0), when each click will pop up the window. I think it is going to fix this bug, because it does not rule out one day someone to use this vulnerability to carry out remote command execution. First, the means of attack will be to let you collect a pornographic web site of the label, if the user clicks. Then you will get some information about the user.

VERSION
Chrome Version: 51.0.2704.103 m
Operating System: [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]

 

Deleted: pig.rar 306 KB

pig.rar 306 KB Download