New issue
Advanced search Search tips

Issue 656031 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Oct 2016
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

This is a multiple vulberabilty

Reported by cmarkta...@gmail.com, Oct 14 2016 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

Steps to reproduce the problem:
1. By simply clicking the email that the attacker sent the poor victim
2. When the poor victim filled up the forms
3. When the poor victim agrees with the terms and condition of the forged site
4. When the poor victim accepts chrome updates from the attacker.

What is the expected behavior?
I have found multiple vulnerabilities.

This is a xss in crsf attack.
This is a crossite scriipting attack which tricked the victim because html was used as style sheet. The xss vulnerabilities that exsit on the same domain/port causes the protect token to fail. Because the scripts executed via xss in the victim's browser is capable of reading the crsf protection token and thus execute crsf attack. Remote code execution was used to put sql injection vulnerabilities to throw an error to the victims server. 

These codes causes crossdomain and crossbrowser vulnerabilities the effect is when I open a new tab and log on my online banking for example. The attacker can use this information disclosure bug to get access to the victim's most sentive, confidential and personal information. This can be done by the attacker by simply sending an email to the poor victim. Since xss vulnerabilities are present on the browser this can be inherrited by other devices that the poor victim is using by simply logging in an the email account. This is a critical vulnerabilty because this welcomes other types of vulnerabilies. For example the poor victim logged in on his/her social network account and the attacker already forged this site. By simply liking a post the poor victim already fell in clickjacking and many more. 

What went wrong?
My gmail can be accessed to the servers that I don't know. My gmail account might be compromised. There was an error 404 and there was an unsual traffic error. The attacker can view my online banking and can do more damage.

Did this work before? Yes 52

Chrome version: 53.0.2785.143  Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 23.0 r0

This is a critical tyoe of security bug
Remote code execution in page inspection.png
200 KB View Download
Network inspcetion.jpg
190 KB View Download

Comment 1 by elawrence@chromium.org, Oct 14 2016

Status: WontFix (was: Unconfirmed)
None of the claims in the original report are substantiated by any of the attached data. There's a screenshot of Gmail with the dev console and the network panel open, but no indication of malicious activity in either location.

If you have an example of a malicious email that accomplishes any of the claims, please attach it to the bug. If you have a network capture of the claimed XSS/CSRF, please attach it to the bug (https://dev.chromium.org/for-testers/providing-network-details).
Project Member

Comment 2 by sheriffbot@chromium.org, Jan 21 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment