Issue metadata
This was an email to html style which leads to cross-platform attack in which the attacker also uses css and sql injections and remote execution. I will include the email header below.
Reported by
cmarkta...@gmail.com,
Sep 24 2016
Issue description
Steps to reproduce the problem:
1.
2. https://staging.binary.com/en/trading.html?currency=USD&market=volidx&underlying=R_100&formname=risefall&date_start=now&duration_amount=1&duration_units=m&amount=10&amount_type=payout&expiry_type=duration Http://mail.google.com mobile https://www.google.com.ph/url?sa=t&source=web&rct=j&url=http://www.apkmirror.com/apk/google-inc/chrome/chrome-52-0-2743-98-release/&ved=0ahUKEwjClovXiafPAhVIGJQKHXr0ANMQFggdMAA&usg=AFQjCNFLmv7w5Raa2hV0YCn6-YXMKZqldw&sig2=hHt5uDEQwIeDBSV1emeXpQ
What is the expected behavior?
This can cause denial of service. Which you wouldn't notice that you are giving sensitive info to the attacker. The victim doesn't know that the attacker can read text messages and listen to phone calls.
What went wrong?
This can interrupt with financial transactions like binary trading. The attacker might also have access in your online banking.
Did this work before? Yes
Chrome version: 52.0.2743.98 Channel: n/a
OS Version: 4.1
Flash Version:
I am willing to keep this confidential if needed.
,
Sep 27 2016
Closing this bug due to lack of information. We can re-open later if detailed instructions illustrating a security flaw can be provided.
,
Oct 5 2016
I would like to put an update on this. I have replied on the email that you sent me. The problems that I experienced are on the email. And the links for the step-by-step reproduction were included on the emails that I sent.
,
Oct 5 2016
The Chrome team does not track bugs via email. If you would like a bug to be tracked, please put all relevant data in the bug.
,
Oct 5 2016
1. https://fonts.googleapis.com/css?family=Roboto:300,400,700&subset=latin,vietnamese,cyrillic-ext,latin-ext,cyrillic
2. https://webtrader.binary.com/v2.1.14/lib/require-css/css.min.js
3. http://www.w3.org/1999/xlink
,
Oct 5 2016
1. https://fonts.googleapis.com/css?family=Roboto:300,400,700&subset=latin,vietnamese,cyrillic-ext,latin-ext,cyrillic
li.active,.tabs-container ul.ui-tabs-nav li.ui-tabs-active,.has-tabs ul.ui-tabs-nav li.active,.has-tabs ul.ui-tabs-nav li.ui-tabs-active{background:#2A3052;color:#FFF}.tabs-container ul.ui-tabs-nav li.active a,.tabs-container ul.ui-tabs-nav li.ui-tabs-active a,.has-tabs ul.ui-tabs-nav li.active a,.has-tabs ul.ui-tabs-nav li.ui-tabs-active a{background:none;color:#FFF;font-weight:normal;text-decoration:none;padding:0;outline:none}.tabs-container ul.ui-tabs-nav li.active span.a-active,.tabs-container ul.ui-tabs-nav li.ui-tabs-active span.a-active,.has-tabs ul.ui-tabs-nav li.active span.a-active,.has-tabs ul.ui-tabs-nav li.ui-tabs-active span.a-active{line-height:2}.tabs-container .ui-tabs-panel,.has-tabs .ui-tabs-panel{border:1px solid #DEDEDE;padding:10p 2. https://webtrader.binary.com/v2.1.14/lib/require-css/css.min.js 3.http://www.w3.org/1999/xlink
,
Oct 5 2016
This is severe now.
,
Oct 5 2016
The attacker used CSS tricks and website animations to gather passwords. They now have access to sensitive sites like binary.com and animate the price. They can also listen to phone calls and read text messages. They can also throw spam and phishing emails and fake calls using Google Voice. There was a remote code execution. My Google account was compromised because of the Google account management feature, using CSS tricks.
,
Oct 14 2016
This is to improve my report. Step by step reproduction:
1. By simply clicking the email that the attacker sent the poor victim
2. When the poor victim filled up the forms
3. When the poor victim agrees with the terms and conditions of the forged site
4. When the poor victim accepts Chrome updates from the attacker.
Here are additional proofs of the screenshot. As I can see, my Gmail can be accessed by other servers and there are remote addresses. Meaning there was remote access. In this screenshot you could see that the XSS protection is 1 and XSS protection was blocked. This is a security vulnerability. This is really in a critical stage. The attacks can be done by the MITM.
,
Oct 14 2016
This is closed, sorry, I have deleted it. I have reopened a new case for improving my report. I have deleted some screenshots too.
,
Jan 4 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Sep 24 2016
Labels: -Pri-2 Security_Severity-Low Needs-Feedback Pri-3