Issue 649941

Issue metadata

Status: Duplicate
Merged: issue 594215
Owner: ----
Closed: Sep 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug

JavaScript Code Execution from a data URL

Reported by berensja...@gmail.com, Sep 24 2016

Issue description



VULNERABILITY DETAILS
JavaScript code is executed when the page is loaded without it being called.
The Script itself is encoded in base64. When the cause is executed the browser automatically redirects to a local address data:\...


VERSION
Chrome Version: 53.0.2785.116 m 
Operating System: Windows 8.1 tested extensively (working on every OS but with different results)

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: Depending on Hardware & OS the Browser freezes

Attachment: PoC.html (779 bytes)
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Mergedinto: 594215
Status: Duplicate (was: Unconfirmed)
Summary: JavaScript Code Execution from a data URL (was: Security: JavaScript Code Excution without being called propperly)
At present, Chrome is behaving as expected here. The page in question uses a META REFRESH to navigate to a DATA URI, and that Chrome supports this is expected.

Having said that, Chrome is looking at changing behavior to forbid this as it is often misused. That change is tracked in 594215.
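
For defenders who want to find this pattern in stored or crawled HTML, the following added example (not part of the issue and not Chrome's code) scans a page for META REFRESH tags whose target is a data: URL and decodes the payload to check whether it carries a script. The function names and the sample page are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# content attribute shape: "<delay>; url=<target>" (delay and "url=" optional)
_REFRESH = re.compile(r"^\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?(.*)$", re.I | re.S)

class MetaRefreshFinder(HTMLParser):
    """Collects the target of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            target = _REFRESH.match(a.get("content", "")).group(1)
            self.targets.append(target.strip().strip("'\""))

def decode_data_url(url):
    """Return (media_type, body_bytes) for a data: URL, else None."""
    if not url.lower().startswith("data:"):
        return None
    header, sep, payload = url[5:].partition(",")
    if not sep:
        return None
    body = unquote_to_bytes(payload)
    if header.lower().endswith(";base64"):
        header = header[:-7]
        raw = re.sub(rb"\s+", b"", body)
        try:
            body = base64.b64decode(raw + b"=" * (-len(raw) % 4))
        except ValueError:  # malformed base64: report it with an empty body
            body = b""
    return (header.split(";")[0].strip().lower() or "text/plain", body)

def scan(html):
    """One finding per meta refresh whose target is a data: URL."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    decoded = (decode_data_url(t) for t in finder.targets)
    return [{"media_type": d[0], "has_script": b"<script" in d[1].lower()}
            for d in decoded if d]

# Constructed sample page (not the PoC.html attached to the issue).
_b64 = base64.b64encode(b"<script>document.title='loaded'</script>").decode()
SAMPLE = ('<meta http-equiv="refresh" '
          f'content="0;url=data:text/html;base64,{_b64}">')
```

Calling `scan(SAMPLE)` returns one finding with media type `text/html` and `has_script` set; a refresh to an ordinary `https:` URL produces no finding.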