Issue 679267 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 657380
Owner:	----
Closed:	Jan 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug

Security: Universal XSS - Googlechrome

Reported by mrbasl...@gmail.com, Jan 9 2017

Issue description

VULNERABILITY DETAILS
Found an universal XSS by editing  a bookmark.
VERSION
Chrome Version: Version 55.0.2883.87 m (64-bit)
Operating System: Windows 10 Home

REPRODUCTION CASE
1. Edit a saved bookmark to;
Name: Any
URL: javascript:alert(document.domain)
2. Go to any website, ie, google.com, click the edited bookmark. XSS will trigger.

Unlisted PoC: https://youtu.be/-cOrEb3R1GE

Comment 1 by mrbasl...@gmail.com, Jan 9 2017

google xss.WMV
20.4 MB Download

Comment 2 by mmoroz@chromium.org, Jan 9 2017

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Mergedinto: 657380
Status: Duplicate (was: Unconfirmed)

Duplicate and not a valid security issue. Please take a look at  issue 657380 .

►

Issue 679267 link

Issue metadata

Security: Universal XSS - Googlechrome

Issue description

Comment 1 by mrbasl...@gmail.com, Jan 9 2017

Comment 1 Deleted

Comment 2 by mmoroz@chromium.org, Jan 9 2017

Comment 2 Deleted

Sign in to add a comment