Security: Chrome on Android hides omnibox on scroll, enabling spoofing
Reported by markhork...@gmail.com, Mar 18 2017
Issue description

We know about the behavior of Google Chrome where, if we open any web page and scroll down over the web page, its address bar hides itself. Using this weakness, that the address bar hides itself on Google Chrome in Android, we can use tricks like using an image of a fake address bar and sticking it with scrolling, so that the image replaces the hidden address bar as soon as the user scrolls down. Please check the given link www.guanacastebuilders.com/pm/add_files/admin_pic/test.html; if any user opens this in Android Chrome and scrolls down, the address bar hides itself and a fake image-based address bar replaces it. It could be very useful in successful social engineering attacks.
Mar 20 2017
This is a well-known issue and a deliberate UI tradeoff. There's undoubtedly an earlier bug about this, but I didn't find it with a quick search of the bug tracker.
Jun 27 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Mar 19 2017