Issue 711197 link

Starred by 2 users

Issue metadata

Status:	Duplicate
Merged:	issue 709365
Owner:	----
Closed:	Apr 2017
Components:	Blink>SecurityFeature>XSSAuditor
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	2
Type:	Bug
Via-Wizard-Security

XSS Auditor bypass with link + SVG animations

Reported by prathees...@gmail.com, Apr 13 2017

Issue description

UserAgent: Mozilla/5.0 (Linux; Android 7.1.1; MotoG3 Build/NMF26V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.132 Mobile Safari/537.36

Steps to reproduce the problem:
1. Open chrome
2. Execute the code
3. 

What is the expected behavior?

What went wrong?
Just found a way to bypass xss auditor in the chrome

Did this work before? N/A 

Chrome version: 57.0.2987.132  Channel: stable
OS Version: 
Flash Version:

	IMG_20170413_135513.jpg 21.3 KB View Download

Comment 1 by elawrence@chromium.org, Apr 13 2017

Components: Blink>SecurityFeature>XSSAuditor
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Summary: XSS Auditor bypass with link + SVG animations (was: Found a way to bypass the xss auditor)

This appears to be an exact duplicate of a fixed bug that was just made public?

 Issue 709365

Comment 2 by mkwst@chromium.org, Apr 19 2017

Mergedinto: 709365
Status: Duplicate (was: Unconfirmed)

I agree. :)

►

Issue 711197 link

Issue metadata

XSS Auditor bypass with link + SVG animations

Issue description

Comment 1 by elawrence@chromium.org, Apr 13 2017

Comment 1 Deleted

Comment 2 by mkwst@chromium.org, Apr 19 2017

Comment 2 Deleted

Sign in to add a comment