Issue 656749

Starred by 3 users

Issue metadata

Status: Duplicate
Merged: issue 81697
Closed: Oct 2016
Type: Bug




JavaScript URLs can be executed from the omnibox

Reported by raj....@gmail.com, Oct 17 2016

Issue description


VULNERABILITY DETAILS
Identified reflected XSS in Chrome browser. Attached simple video for XSS.
Submitting as a heads up, will try to work on exploit in some time.

Verified with other browsers like IE, and it's working as expected by fetching the search results.


VERSION: Identified in multiple versions
Chrome Version: 53.0.2785.143 m
Chrome Version: 49.0.2623.112 m


Operating System: Windows 10

REPRODUCTION CASE
Please find the attached video for reference.

Attachments:
- Goog_Crm_XSS_Cookie.zip (214 KB)
- Goog_Crm_XSS.zip (164 KB)

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
Summary: JavaScript URLs can be executed from the omnibox (was: Security: XSS Issue in Chrome)
Typing a JavaScript URL in the omnibox and having it execute in the context of the currently loaded page is working as intended.

Chrome (and other browsers) does undertake some efforts to prevent *paste* of script URLs in the omnibox (to limit social-engineering: https://blogs.msdn.microsoft.com/ieinternals/2011/05/19/socially-engineered-xss-attacks/) but users are free to invoke script against themselves using either the address bar or the DevTools console.


Issue 659019 has been merged into this issue.
Issue 772821 has been merged into this issue.
Mergedinto: 81697
Status: Duplicate (was: WontFix)
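
The paste filtering mentioned in the comment above can be sketched as follows; this is an added example, not part of the original issue and not Chromium's code. The function names and the "paste"/"typed" origin values are hypothetical, and the sample inputs are constructed.

```javascript
// Added illustration of stripping script schemes from pasted text only.
// All names here are hypothetical; this is not Chromium source.
const SCHEME = "javascript:";

// Length of a leading "javascript:" in `text`, or 0 if there is none.
// Follows URL-parser leniency: leading C0 controls/spaces are ignored, and
// tab/CR/LF are ignored anywhere inside the scheme ("java\tscript:").
function leadingSchemeLength(text) {
  let i = 0;
  let k = 0;
  while (i < text.length && text.charCodeAt(i) <= 0x20) i++;
  while (i < text.length && k < SCHEME.length) {
    const c = text[i];
    if (c === "\t" || c === "\n" || c === "\r") { i++; continue; }
    if (c.toLowerCase() !== SCHEME[k]) return 0;
    i++;
    k++;
  }
  return k === SCHEME.length ? i : 0;
}

// Strip every stacked leading scheme, e.g. "javascript:javascript:...".
function stripScriptScheme(text) {
  let rest = text;
  let stripped = false;
  for (let n = leadingSchemeLength(rest); n > 0; n = leadingSchemeLength(rest)) {
    rest = rest.slice(n);
    stripped = true;
  }
  return { text: rest, stripped };
}

// Pasted text is filtered; typed text is left alone, matching the
// behaviour described in the comment above.
function acceptInput(text, origin) {
  return origin === "paste" ? stripScriptScheme(text).text : text;
}

// Constructed sample inputs.
const samples = [
  "javascript:alert(1)",
  "  JavaScript:JAVASCRIPT:alert(1)",
  "java\tscript:alert(1)",
  "https://example.com/?q=javascript:1",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(acceptInput(s, "paste")));
}
```
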
