Address bar spoofing
Reported by whitehat...@gmail.com, Oct 23 2016
Issue description

Steps:
1) Visit http://jsfiddle.net/dy4swq4o/show.
2) Click the "Click here to be redirected" button.
3) Android Chrome browser will open a new tab with the browser pointing to about:blank in the address bar, which makes the victim believe that they are in fact visiting a legitimate website; however, in reality the page is not hosted on google.com.
4) As soon as the victim enters his/her credentials, they are sent to attacker.com.

Here google.com/csi should give a 404 error, but here it opens about:blank containing a fake Gmail login.

Reference: CVE 2015-3830

PoC credits: http://www.rafayhackingarticles.net/2015/05/android-browser-address-bar-spoofing-vulnerability.html?m=1

Oct 24 2016
I'm not sure why this is called a URL spoof. The omnibox is clearly showing "about:blank", which is definitely not google.com. Yes, writing content into a page can trick the user, but it will be considered a URL spoof if the URL was indeed showing google.com and the data inside the content area was *not* coming from google.com.

Oct 24 2016
Nasko's right: the URL is correctly reset from https://www.google.com to about:blank when the attacker's content is injected into it (per the work from issue 9682). about:blank is not an "all is well" origin as mentioned in step 3; it could be created by any web site, so it does not indicate that you're on the site you expect to be. I don't think there's anything to do here, beyond considering ways to better convey what origin is controlling the about:blank page (e.g., issue 595520).

Jan 31 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by battre@chromium.org, Oct 24 2016
Components: Security
Labels: Restrict-View-SecurityTeam
Owner: jsc...@chromium.org