Issue metadata
Sign in to add a comment
|
Security: Address bar spoof in Chrome for Android
Reported by
struk...@gmail.com,
Nov 12 2016
|
||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS The Chrome browser is vulnerable to a URL spoofing issue due to the fact that, if a URL with an unreachable port is directly loaded into the address bar, via a copy/paste or if it's typed, the URL remains there until a timeout occurs, while the document is still unchanged and is active and accessible. VERSION Chrome Version: 54.0.2840.85 Operating System: Android 4.4.2 REPRODUCTION CASE 1- Open http://strukt.tk/pocs/brave/chromes.html in Chrome browser on Android. 2- Follow the instructions explained in the above link. 3- Notice that the URL is changed to http://www.facebook.com:83, while the document body contains "Not Facebook". Regards
,
Nov 14 2016
Hi, we don't consider it a security bug that the address bar shows what the user entered while it is loading - for more information, see the discussion in issue 325099 .
,
Feb 21 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by struk...@gmail.com
, Nov 12 2016