Issue 672842

Issue metadata

Status: Duplicate
Merged: issue 181623
Owner: ----
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug-Security

Security: Address bar spoofing on Android using long hostnames

Reported by ahmedmehtab009@gmail.com, Dec 9 2016

Issue description

Address bar spoofing is a major security issue; in the past it was discovered by Rafay Baloch, a security researcher.

Reference to address bar spoofing: http://www.rafayhackingarticles.net/2016/08/google-chrome-firefox-address-bar.html

Right now I have also discovered a vulnerability similar to address bar spoofing, where an attacker can send a fabricated link to a victim and, if the victim opens that link in his Android Chrome browser, the URL in the address bar will be spoofed.

This type of address bar spoofing affects mobile Chrome browsers like Android Chrome. If we, as an attacker, create a sub-domain such as "accountsloginsgn.google.com.pk.madadgaaar.com" and open it in the Android Chrome browser, the address bar will show us "accountsloginsgn.google.com.pk" as the address, while the real sub-domain such as madadgaaar.com would be ignored to the right side while displaying the sub-domain in the address bar.


Attack scenarios:

1- This has been tested on different Android mobiles using the latest Google Chrome browser. Mobile phones like "Infinix Hot 4", "Q mobile s4", and "Q mobile LT700" were used, and the Android Chrome browser was showing a spoofed URL which was actually a sub-domain of a third-party website, madadgaaar.com.


2- By slightly modifying the URL as per the mobile condition, an attacker can code JavaScript which first gains mobile model information and afterwards redirects the user to a URL which is justified for that mobile to get it spoofed.

I have also attached some screenshots which show how it could be used for address bar spoofing. I hope everything is clear; it is very simple but a critical issue, as was discovered in the past, which needs a must fix / patch on Android Chrome.


Attachments:
15355875_1806019832971268_1393308180_n.png (35.3 KB)
15423695_1806019636304621_1792064142_n.png (78.6 KB)
15423758_1806019846304600_84439745_n.png (44.2 KB)

Components: UI>Browser>Omnibox
Labels: OS-Android
Summary: Security: Address bar spoofing on Android using long hostnames (was: Security: Address bar spoofing on Android Chrome)
Anyone here who can update me regarding this security issue?

Comment 3 by wrengr@chromium.org, Dec 12 2016

Labels: M-55 Security_Severity-High Pri-1
Project Member

Comment 4 by sheriffbot@chromium.org, Dec 13 2016

Labels: Security_Impact-Stable
Anyone who can update me regarding this security issue / bug?
Can anyone let me know if there is anyone who is going to deal with this?

Comment 7 by est...@chromium.org, Dec 20 2016

Mergedinto: 181623
Status: Duplicate (was: Unconfirmed)
Hi, thanks for the report. It looks like we already have this issue on file, so I'm marking this as a duplicate. I will comment on the original bug to see if we can get someone to fix it.
Project Member

Comment 8 by sheriffbot@chromium.org, Jun 29 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
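
The report above comes down to which end of a long hostname survives truncation. The following is an added example, not code from Chrome or from this thread: it contrasts keeping the left edge with eliding from the left so the registrable domain (eTLD+1) stays visible. The function names, the three-entry `PUBLIC_SUFFIXES` set and the character-based `width` are assumptions made for illustration.

```python
# Constructed stand-in for the Public Suffix List (assumption: a real
# implementation loads the full list instead of this three-entry set).
PUBLIC_SUFFIXES = {"com", "pk", "com.pk"}

# Hostname quoted in the report above.
HOST = "accountsloginsgn.google.com.pk.madadgaaar.com"


def registrable_domain(host: str) -> str:
    """Return the eTLD+1: longest matching public suffix plus one label."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels


def elide_head_only(host: str, width: int) -> str:
    """Behaviour described in the report: keep the left edge, drop the rest."""
    return host[:width]


def elide_keep_domain(host: str, width: int) -> str:
    """Elide from the left, label by label, never hiding the eTLD+1."""
    host = host.lower().rstrip(".")
    shown = registrable_domain(host)
    if len(host) <= width or shown == host:
        return host
    subdomains = host[: len(host) - len(shown)].rstrip(".").split(".")
    for label in reversed(subdomains):
        # +1 for the joining dot, +1 for the leading ellipsis.
        if len(label) + 1 + len(shown) + 1 > width:
            break
        shown = label + "." + shown
    return "…" + shown


def domain_visible(displayed: str, host: str) -> bool:
    """Check a UI test can run: is the registrable domain on screen?"""
    return displayed.endswith(registrable_domain(host))


if __name__ == "__main__":
    for elide in (elide_head_only, elide_keep_domain):
        text = elide(HOST, 30)
        print(f"{elide.__name__:18} {text!r} visible={domain_visible(text, HOST)}")
```

A real address bar measures rendered pixels rather than characters, so `width` here only approximates the available space.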