New issue
Advanced search Search tips

Issue 696383 link

Starred by 0 users
Status: WontFix
Owner: ----
Closed: Mar 2017
Cc:
kerrnel@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Chrome tab cannot be closed

Reported by ja...@jayme.ca, Feb 27 2017 
UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce the problem:
1. visit http://w4852.ru/canad111/index.php?Repair
2. chrome 53 will not allow you to close the tab - hopefully nobody is actually dumb enough to ACTUALLY install the extension

What is the expected behavior?
closing the tab should not be prevented

What went wrong?
Chrome will not let you close the tab*

*unless you press esc f12 open debugger and delete the html element contents such that there is no javscript to run anymore

Did this work before? N/A 

Chrome version: 56.0.2924.87  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 24.0 r0

Comment 1 by ja...@jayme.ca, Feb 27 2017 

Attached an har capture from the debug...

Comment 2 by kerrnel@chromium.org, Feb 27 2017

Cc: kerrnel@chromium.org
Labels: Needs-Feedback
Thanks for the report, but a few things. You mention Chrome 53, but that is out-of-date. Did you in fact use 56.0.2924.87 for this? Secondly, the URL provided results in a 404. Can you please provide updated information to reproduce?

Comment 3 by ja...@jayme.ca, Feb 27 2017 

Hi,

I attached the XHR which had the request and response content that should be usable to reproduce the attack.

It was indeed chrome 56.
w4852.ru.har
144 KB Download

Comment 4 by kerrnel@chromium.org, Feb 27 2017

Labels: -Needs-Feedback

Comment 5 by kerrnel@chromium.org, Feb 27 2017

Labels: Needs-Feedback
Thanks for the .har but do you have a webpage that can reproduce the problem? That is a more effective way for the security team to analyze this report.

Comment 6 by ja...@jayme.ca, Feb 27 2017 

I can try to re-create a similar website on one of my servers somewhere using the code contained in the HAR... I'd rather not proliferate and host this publicly though...

Comment 7 by vakh@chromium.org, Mar 6 2017

Status: WontFix (was: Unconfirmed)
I tried to reproduce the problem using the attached HAR file and haven't been able to reproduce any problem.

Please feel free to re-open the bug if you have a PoC to reliably reproduce it. Thanks.
Project Member

Comment 8 by sheriffbot@chromium.org, Jun 13 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment