New issue
Advanced search Search tips

Issue 656236 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Oct 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Security: Status Bar Obfuscation

Reported by chennama...@gmail.com, Oct 15 2016 
Summary:

In this issue, Brave's Status Bar will show the link where the user will be redirected but after he clicks the link, he redirected to other website.

Products affected:

Latest Version of Google Crome
Steps To Reproduce:

Open the HTML file
You will see a hyperlink of google.com, So hover your mouse.
See the Status Bar(located at the lower left of the browser) and you will see the link where it should be redirected
Now, click the hyperlink and you will be redirected to another website which is not the expected website.
google.png
16.6 KB View Download
test.html
222 bytes View Download

Comment 1 by mmoroz@chromium.org, Oct 15 2016

Labels: Needs-Feedback
Can you elaborate a security impact here?

Comment 2 by chennama...@gmail.com, Oct 15 2016 

This bug allows users to think that they are clicking google.com link but they get redirected to other site 

:)

Comment 3 by mbarbe...@chromium.org, Oct 22 2016

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
The status bubble is not considered a security indicator, and we make no attempt to prevent spoofing here. See https://www.chromium.org/user-experience/status-bubble#TOC-Lack-of-Security for more information.

Sign in to add a comment