New issue
Advanced search Search tips

Issue 685438 link

Starred by 1 user
Status: Duplicate
Merged: issue 678035
Owner:
caseq@chromium.org
Closed: Sep 2017
Cc:
dgozman@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug-Security



Sign in to add a comment

Security: chrome-devtools protocol allows to read the content of C:\ drive via watchExpression

Reported by chromium...@gmail.com, Jan 26 2017 
VERSION
Chrome Version 58.0.2992.0 canary (64-bit)
Operating System: Windows 7

This is similar to  issue 618037 .

REPRODUCTION CASE
1. Navigate to the link below.
2. Navigate to chrome-devtools://devtools/remote/serve_rev/@199588/devtools.html
3. Open Devtools >> switch to Sources panel >> Click on "Watch" and observe.
chrome-devtools .txt
1.6 KB View Download

Comment 1 by elawrence@chromium.org, Jan 26 2017

Components: Platform>DevTools

Comment 2 by dominickn@chromium.org, Jan 26 2017

Labels: Security_Severity-Low Security_Impact-Head OS-Chrome OS-Linux OS-Mac OS-Windows Pri-1
Owner: dgozman@chromium.org
Status: Assigned (was: Unconfirmed)
dgozman: Can you please triage?
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 26 2017

Labels: -Pri-1 Pri-2

Comment 4 by dgozman@chromium.org, Jan 27 2017

Cc: dgozman@chromium.org
Owner: caseq@chromium.org

Comment 5 by caseq@chromium.org, Sep 22 2017

Mergedinto: 678035
Status: Duplicate (was: Assigned)
This is the same problem as  issue 678035  and was fixed along with it.
Project Member

Comment 6 by sheriffbot@chromium.org, Dec 29 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment