Issue 677019

Issue metadata

Status: WontFix
Closed: Dec 2016
Type: Bug-Security

Security: Is there a possibility to use Shell Shock Bug on webpage?

Reported by kuba.urb...@gmail.com, Dec 26 2016

Issue description

VULNERABILITY DETAILS
Is the function xhttp.open("GET", "ajax_info.txt", true); secured against the Shell Shock bug?

VERSION
Chrome Version: [55.0.2883.87] + [m]
Operating System: [Windows 8.1 Pro]

REPRODUCTION CASE
1. Install Google Chrome
2. Go to the http://www.w3schools.com/xml/tryit.asp?filename=tryajax_first web page
3. On line 19, change xhttp.open("GET", "ajax_info.txt", true); to xhttp.open("GET", '() { :;}; echo(ls -la)', true);
4. Press 'Run'
5. If the server runs on Linux, it is possible that the command returns a list.

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
ShellShock is a server-side vulnerability caused by failure to sanitize inputs received from a client HTTP request. It isn't a client-side vulnerability, and it's the responsibility of the server to sanitize its own inputs.

https://en.wikipedia.org/wiki/Shellshock_(software_bug)
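
The server-side check the reply refers to, as an added example (not part of the original issue and not Chromium code): a CGI gateway screening request values before they reach the environment of a bash child process. The request samples, the host name and the helper names are constructed for illustration; patching bash remains the actual fix.

```python
import re

# Unpatched bash parsed any environment value that began with these four
# characters as an exported function definition.
FUNC_PREFIX = "() {"

def cgi_environ(method, request_uri, headers):
    """Build the environment a CGI gateway hands to its child process
    (RFC 3875): every request header becomes an HTTP_<NAME> variable."""
    _, _, query = request_uri.partition("?")
    env = {"REQUEST_METHOD": method, "REQUEST_URI": request_uri,
           "QUERY_STRING": query}
    for name, value in headers.items():
        env["HTTP_" + re.sub(r"[^A-Za-z0-9]", "_", name).upper()] = value
    return env

def suspicious_vars(env):
    """Names of variables whose value looks like a bash function export.
    Leading whitespace is ignored, which is stricter than bash's own test."""
    return sorted(k for k, v in env.items()
                  if v.lstrip().startswith(FUNC_PREFIX))

def scrub(env):
    """Return a copy of env without the suspicious variables."""
    bad = set(suspicious_vars(env))
    return {k: v for k, v in env.items() if k not in bad}

REPORT_STRING = "() { :;}; echo(ls -la)"  # string from the report, step 3

# Constructed sample 1: the string used as the XHR URL, so it arrives
# percent-encoded inside the request path.
URL_REQUEST = ("GET", "/xml/()%20%7B%20:;%7D;%20echo(ls%20-la)",
               {"Host": "example.test", "User-Agent": "Mozilla/5.0"})
# Constructed sample 2: the same string arriving as a whole header value.
HEADER_REQUEST = ("GET", "/xml/ajax_info.txt",
                  {"Host": "example.test", "User-Agent": REPORT_STRING})

if __name__ == "__main__":
    for label, req in (("url", URL_REQUEST), ("header", HEADER_REQUEST)):
        env = cgi_environ(*req)
        print(label, suspicious_vars(env), sorted(scrub(env)))
```

The string from the report is flagged only when it arrives as a whole variable value; inside the request URI it follows a `/` and does not match the prefix.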
