New issue
Advanced search Search tips

Issue 642664 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Aug 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

XSS by pasting JavaScript URIs in the browser address bar

Reported by nitishma...@gmail.com, Aug 31 2016 
This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Cross Site Scripting in Browser Tab

VERSION
Chrome Version: Version 52.0.2743.116 m
Operating System:Windows 10 Technical Preview

REPRODUCTION CASE
Process to Exploit
  Open New Tab and put javascript:alert(prompt("window.domain") or  javascript:alert("XSS") in address bar and when we hit enter it shows prompt alert.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: tab/browser
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant):
Screenshot_1.png
84.6 KB View Download

Comment 1 by elawrence@chromium.org, Aug 31 2016

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
Summary: XSS by pasting JavaScript URIs in the browser address bar (was: Security: XSS in Chrome Browser)
This is working as intended. 

Support for JavaScript URIs in the address bar is intentional, and you can also insert script using the browser's developer tools.

https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-

Notably, the browser *does* block pasting of JavaScript protocol URLs in the address bar, by stripping the JavaScript prefix. (as do most browsers; see https://blogs.msdn.microsoft.com/ieinternals/2011/05/19/socially-engineered-xss-attacks/)

Comment 2 by rickyz@chromium.org, Sep 9 2016 

 Issue 645340  has been merged into this issue.

Comment 3 by eveaustr...@gmail.com, Sep 9 2016 

Thanks for the response. But i think i will disagree with this. This can be a security risk with the right method use of social eng... You can compromise others session, cookies that will cause a account takeover... also with this issue http site will suffer from a reflected XSS.. The other guys issue is just pasting a Xss to a browser. And also he said that the attack can only be use to himself by just inserting payload that can be resulted to lf Xss in my issue i reported how to use this attack to http site. Its related because of the attack is in the url bug . but the attack scenario is very different. Maybe consider fixing this because millions of http site is at risk eventhough its hard to perform this attack

Sent from Yahoo Mail on Android 
 
  On Fri, Sep 9, 2016 at 11:48 AM, ric… via monorail<monorail+v2.2970754565@chromium.org> wrote:

Sign in to add a comment