Issue metadata
Sign in to add a comment
|
Security: Showing google URL on address bar but when form in completed then informations will sent to attacker site
Reported by
tahir.vb...@gmail.com,
Aug 5 2016
|
||||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please see the following link for instructions on filing security bugs: http://www.chromium.org/Home/chromium-security/reporting-security-bugs NOTE: Security bugs are normally made public once a fix has been widely deployed. VULNERABILITY DETAILS This vulnerability allow attackers to show google URL and then show about:blank please see attached video. By using this vulnerability an attacker can show legal google URL in chrome but when USER enter his google login credentials then credentials will send to attacker site. VERSION Chrome Version: Version 51.0.2704.103 m Operating System: Windows 7 Service Pack 1 REPRODUCTION CASE URL: http://jsfiddle.net/dy4swq4o/show/ HTML: HTML is attached in file
,
Aug 5 2016
,
Nov 12 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mea...@chromium.org
, Aug 5 2016Status: Duplicate (was: Unconfirmed)