Issue 622598 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jun 2016
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
Needs-Feedback Security_Severity-Low Security_Impact-None allpublic

Security: Google chrome browser vulnerabilities, two versions of the browser hijacking vulnerabilities, please check, thanks

Reported by swm9...@gmail.com, Jun 23 2016

Issue description


VULNERABILITY DETAILS
Google chrome browser is hijacked, causing hackers use browser vulnerabilities to attack, hardware firewall can not identify attacks version, I use nginx filter $ http_user_agent, identification chrome version of the shield, check the two versions of browsers exist bug loopholes, thanks, fix the vulnerability as soon as possible.
if ($http_user_agent ~* "Chrome/45.0.2454.99"){
return 503;
}
if ($http_user_agent ~* "Chrome/39.0.2171.99"){
return 503;
}

VERSION
Chrome Version: [39.0.2171.99] + [stable, beta, or dev]
Operating System: [Windows NT 6.3; Win64; x64]

Chrome Version: [45.0.2454.99] + [stable, beta, or dev]
Operating System: [Windows NT 6.3; Win64; x64]

REPRODUCTION CASE
Google chrome browser is hijacked, causing hackers use browser vulnerabilities to attack, hardware firewall can not identify attacks version, I use nginx filter $ http_user_agent, identification chrome version of the shield, check the two versions of browsers exist bug loopholes, thanks, fix the vulnerability as soon as possible.
if ($http_user_agent ~* "Chrome/45.0.2454.99"){
return 503;
}
if ($http_user_agent ~* "Chrome/39.0.2171.99"){
return 503;
}

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [Google chrome browser]
Crash State: Website malicious attacks, firewall unavailable
Client ID (if relevant): swm9988@gmail.com

	QQ图片2.png 37.1 KB View Download

	QQ图片20160623114438.png 19.4 KB View Download

Comment 1 by dominickn@chromium.org, Jun 23 2016

Both versions of Chrome you cite are extremely out of date, and the vast majority of users will have been automatically upgraded to a more recent version. Unless you can be more specific about a security vulnerability in an up to date version of the browser (current 51), this isn't a security bug.

Comment 2 by dominickn@chromium.org, Jun 24 2016

Labels: Needs-Feedback

Comment 3 by dominickn@chromium.org, Jun 26 2016

Labels: Security_Severity-Low Security_Impact-None
Status: WontFix (was: Unconfirmed)

Closing as WontFix - if you can provide further details regarding a vulnerability in an up to date version of Chrome, please post and reopen this bug.

Project Member

Comment 4 by sheriffbot@chromium.org, Oct 2 2016

Labels: -Restrict-View-SecurityTeam

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

►

Issue 622598 link

Issue metadata

Security: Google chrome browser vulnerabilities, two versions of the browser hijacking vulnerabilities, please check, thanks

Issue description

Comment 1 by dominickn@chromium.org, Jun 23 2016

Comment 1 Deleted

Comment 2 by dominickn@chromium.org, Jun 24 2016

Comment 2 Deleted

Comment 3 by dominickn@chromium.org, Jun 26 2016

Comment 3 Deleted

Comment 4 by sheriffbot@chromium.org, Oct 2 2016

Comment 4 Deleted

Comment 5 by mbarbe...@chromium.org, Oct 2 2016

Comment 5 Deleted

Sign in to add a comment