
Issue 697124


Issue metadata

Status: WontFix
Closed: Feb 2017
Type: Bug-Security




Security: Google Chrome (Windows) and Chrome (Android) XSS vulnerability

Reported by chauhanv...@gmail.com, Feb 28 2017

Issue description

I have discovered an XSS vulnerability in the Google Chrome address bar / search bar. Here is
VULNERABILITY DETAILS

VERSION
Chrome Version: [56.0.2924.87] + [stable] [for mobile (56.0.2924.87)]
Operating System: [Windows 8.1 Pro 32-bit] [for mobile (Android OS 6.0.1, device MI Note 3)]

REPRODUCTION CASE
The steps to reproduce:

Windows
1) Open Google Chrome, insert this: javascript:alert('xss'); and submit it. You will get an alert, which shows that I am able to execute scripts here.

Android Chrome browser
1) Open google.com first.
2) Then insert the same javascript:alert('xss'); in the address bar or search bar, and the script will open a popup, so here I can also execute scripts.


 
Attachment: chrome.zip (62.8 KB)
Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
Allowing the user to manually run JavaScript from the address bar is a deliberate feature, not a vulnerability in the browser. 

For further discussion, please see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Does-entering-JavaScript:-URLs-in-the-URL-bar-or-running-script-in-the-developer-tools-mean-there-s-an-XSS-vulnerability-
