
Issue 700665

Issue metadata

Status: Duplicate
Merged: issue 626951
Owner: ----
Closed: Mar 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 2
Type: Bug-Security



Chrome any site redirects jump (Userinfo in URLs is confusing)

Reported by cisk33...@gmail.com, Mar 11 2017

Issue description

Steps to reproduce the problem:
1. Open the following PoC in the iOS version of Chrome:
    http://www.google.com@apple.com

2. Can be achieved by jumping to apple.com

3. Replace google.com with an attacked site
   Replace apple.com with the attacker's website

   Can achieve any site jump

What is the expected behavior?
Can be achieved by jumping to apple.com

What went wrong?
In the iOS version of Chrome is not on the back of the site, prompt operation (PC version of Chrome also exist in)

iOS video:
https://drive.google.com/open?id=0B9ddY8WLTiI6Qk5GUmlBWGFQQ0k

Did this work before? N/A 

Chrome version: 56.0.2924.79  Channel: stable
OS Version: 10.2.1
Flash Version: 

Fix suggestions: 1. PC version of Chrome as Firefox prompts users
                 2. iOS version of Chrome as Safari as prompted users
 
test3.html
143 bytes
Mergedinto: 626951
Status: Duplicate (was: Unconfirmed)
Summary: Chrome any site redirects jump (Userinfo in URLs is confusing) (was: Chrome any site redirects jump)
Please see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Is-Chrome-s-support-for-userinfo-in-HTTP-URLs-e.g.-http:-user:password-example.com-considered-a-vulnerability- for discussion of why this is not a security vulnerability.
Project Member

Comment 2 by sheriffbot@chromium.org, Jun 18 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
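
The report turns on how a URL with a userinfo component is parsed: everything before the `@` is credentials, and the host is what follows it. As an added example (not part of the original report or of Chromium's code), the following Node.js sketch uses the WHATWG `URL` parser to show the real destination and to flag userinfo that looks like a hostname. The function name `inspectUrl` and the `HOSTLIKE` heuristic are assumptions made for illustration.

```javascript
'use strict';

// Heuristic (assumption): a username shaped like a DNS name is likely to be
// mistaken for the destination host by someone reading the URL.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Parse a URL and report where it really goes and whether its userinfo
// component could mislead a reader.
function inspectUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { valid: false };
  }
  const hasUserinfo = url.username !== '' || url.password !== '';

  // URL.username is percent-encoded; decode it before matching.
  let user = url.username;
  try {
    user = decodeURIComponent(user);
  } catch {
    // Malformed escape sequence: keep the raw value.
  }

  // Build the form a link checker could display or log instead.
  const stripped = new URL(url.href);
  stripped.username = '';
  stripped.password = '';

  return {
    valid: true,
    host: url.hostname, // the host the browser actually connects to
    hasUserinfo,
    userinfoLooksLikeHost: hasUserinfo && HOSTLIKE.test(user),
    withoutUserinfo: stripped.href,
  };
}

// First entry is the URL from the report; the others are constructed samples.
for (const sample of [
  'http://www.google.com@apple.com',
  'http://alice:secret@example.com/',
  'https://apple.com/path',
]) {
  console.log(sample, inspectUrl(sample));
}
```

A mail filter or link-preview service can apply the same check to show `host` next to any link where `userinfoLooksLikeHost` is true.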
