Issue 709418

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 709417
Owner:
Long OOO (go/where-is-mgiuca)
Closed: Apr 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug-Security




Security: Address Bar Spoofing

Reported by rayyan...@gmail.com, Apr 7 2017

Issue description

Chrome Version: [56] + [Dev] + Chrome Canary
Operating System: [Android 4.1.2] 


Impact and Risk: The URL bar is the only reliable security indicator in browsers, and if the only reliable security indicator could be controlled by an attacker it could carry adverse effects, for instance potentially tricking users into supplying sensitive information to a malicious website due to the fact that it could easily lead the users to believe that they are visiting a legitimate website as the address bar points to the correct website.

Reproduction Instructions/Proof of Concept:

1) Post the following link in the status bar: 127.0.0.1/ا/http://attack.com


2) You would notice that the URL has been flipped from right to left and the status bar displays http://attack.com/‭ا/127.0.0.1 while it displays the content from the IP address.

Suggested Fix: This bug does not work on iOS devices; hence, the screenshot was taken from Google Chrome on an iOS device, which shows that the URL must be shown like this.
 
Attachments:
Chrome Dev.jpg (34.0 KB)
Chrome Canary.jpg (34.2 KB)
Suggested Fixture.jpg (24.1 KB)
PoC.jpg (17.7 KB)

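
A defensive check for the kind of string in the report, as an added example that is not part of the original report or of Chromium's code: it flags URL text that mixes left-to-right and right-to-left characters, contains explicit bidi controls, or whose first strongly directional character is right-to-left. The function names are hypothetical, and the first-strong test assumes a renderer that picks the base direction per Unicode Bidirectional Algorithm rules P2/P3; the page does not state how Chrome chose the direction.

```python
import unicodedata

# Explicit bidi formatting characters: marks, embeddings, overrides, isolates.
BIDI_CONTROLS = {
    "\u200e", "\u200f", "\u061c",
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069",
}
STRONG_RTL = {"R", "AL"}  # Hebrew-type and Arabic-type strong characters


def first_strong_direction(text):
    """Return 'L' or 'R' for the first strongly directional character, else None."""
    for ch in text:
        bidi = unicodedata.bidirectional(ch)
        if bidi == "L":
            return "L"
        if bidi in STRONG_RTL:
            return "R"
    return None  # only digits, punctuation and other weak/neutral characters


def audit_url_text(text):
    """Return sorted reasons why the string may be displayed in a misleading order."""
    findings = set()
    if any(ch in BIDI_CONTROLS for ch in text):
        findings.add("bidi-control")
    has_rtl = any(unicodedata.bidirectional(ch) in STRONG_RTL for ch in text)
    has_ltr = any(unicodedata.bidirectional(ch) == "L" for ch in text)
    if has_rtl and has_ltr:
        findings.add("mixed-direction")
    # An all-numeric host has no strong characters, so a later RTL letter
    # becomes the first strong character and can set the base direction.
    if first_strong_direction(text) == "R":
        findings.add("rtl-first-strong")
    return sorted(findings)


if __name__ == "__main__":
    samples = [
        "127.0.0.1/\u0627/http://attack.com",  # string from the report, escaped
        "192.0.2.1/index.html",                # constructed benign sample
        "https://example.com/path",            # constructed benign sample
    ]
    for s in samples:
        print(ascii(s), audit_url_text(s))
```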
This appears to be the same repro as Issue 708981?
Yes, but in iOS the bug is fixed but not completely fixed (watch the video provided to make this confusion clear). But here, the bug is working fully as illustrated. Plus, I've written Android 4.1.2 (I was testing on it) but it obviously works on all Android versions.
Hi, Make the OS Android 6.0 - As it was again tested in it, therefore, it works there! thanks!
Components: UI>Browser>Omnibox
Labels: Security_Severity-Low Security_Impact-Head OS-Android
Owner: mgiuca@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 5 by rayyan...@gmail.com, Apr 10 2017

Hi, isn't the Security Severity high/medium even after describing the impact and risk?
Project Member

Comment 6 by sheriffbot@chromium.org, Apr 10 2017

Labels: Pri-2

Comment 7 by mgiuca@chromium.org, Apr 12 2017

Mergedinto: 709417
Status: Duplicate (was: Assigned)
This is exactly the same as the issue you reported in Issue 709417. You don't need to report the issue separately on each channel of Chrome.
Project Member

Comment 8 by sheriffbot@chromium.org, Aug 5 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
