New issue
Advanced search Search tips

Issue 693477 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: security breach in code from chrome extension

Reported by lbmedias...@gmail.com, Feb 17 2017 


VULNERABILITY DETAILS
looks like a unidentified chrome extension is accessing my msn live account to gain private information this is the link
chrome-extension://liecbddmkiiihnedobmlmillhodjkdmb/css/content.css
VERSION
Chrome Version: [Version 56.0.2924.87] + [stable]
Operating System: [windows 10, and service pack level]

REPRODUCTION CASE

1. go to excelonline
2. inspect source 
3. click on body -then properties then body you will see namespaceURI
"http://www.w3.org/1999/xhtml"
nextElementSibling
:
null
4.chrome-extension://liecbddmkiiihnedobmlmillhodjkdmb/css/content.css
5. 
FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]
Screenshot 2017-02-17 02.04.47.png
319 KB View Download

Comment 1 by elawrence@chromium.org, Feb 17 2017

Status: WontFix (was: Unconfirmed)
It's not clear what security breach you think is occurring?

This is coming from the Loom Chrome extension (https://chrome.google.com/webstore/detail/loom-video-recorder-scree/liecbddmkiiihnedobmlmillhodjkdmb) which injects code into each page you load.

If you don't want this extension anymore, you can remove it or disable it by visiting chrome://extensions/

Comment 2 by lbmedias...@gmail.com, Feb 18 2017 

Thank you I wasnt recording so it was strange that coding was there. Maybe they add the code to every website I come across which is weird to me.
Project Member

Comment 3 by sheriffbot@chromium.org, May 27 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment