Issue 655896 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Oct 2016
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security

Security: Status Bar Obfuscation

Reported by ajduman...@gmail.com, Oct 14 2016

Issue description

In this issue, Google Chrome's Status Bar will show the link where the user will be redirected but after he clicks the link, he redirected to other website.

Products affected:

Google Chrome version 53.0.2785.143

Steps To Reproduce:

Open the HTML file
You will see a hyperlink of google.com, So hover your mouse.
See the Status Bar(located at the lower left of the browser) and you will see the link where it should be redirected
Now, click the hyperlink and you will be redirected to another website which is not the expected website.

test.html
219 bytes View Download

Comment 1 by mmoroz@google.com, Oct 14 2016

Labels: Needs-Feedback

Thanks for your report. Could you please elaborate what is the security impact of this trick?

Comment 2 by mbarbe...@chromium.org, Oct 14 2016

Labels: -Restrict-View-SecurityTeam -Needs-Feedback
Status: WontFix (was: Unconfirmed)

The status bubble is not intended to be a security feature. It is known to be trivially spoofable. See https://www.chromium.org/user-experience/status-bubble#TOC-Lack-of-Security

►

Issue 655896 link

Issue metadata

Security: Status Bar Obfuscation

Issue description

Comment 1 by mmoroz@google.com, Oct 14 2016

Comment 1 Deleted

Comment 2 by mbarbe...@chromium.org, Oct 14 2016

Comment 2 Deleted

Sign in to add a comment