Issue 714429

Issue metadata

Status: Duplicate
Merged: issue 657380
Owner: ----
Closed: Apr 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: vulnerability: XSS in browser chrome via bookmark option

Reported by sam9...@gmail.com, Apr 23 2017

Issue description

VULNERABILITY DETAILS
The bookmark section of the browser helps execute XSS.

VERSION
Chrome Version: [56.0.2924.79] 
Operating System: [Windows 10]

REPRODUCTION CASE
1. I bookmarked a link, say www.google.com
2. I right-clicked the bookmarked link and set an XSS payload
3. Under URL, I changed it to javascript:alert(document.cookie)
4. Now I visit any site and click on the bookmark I made; it's popping the cookie of the particular website.


 
Attachments: POC1.JPG (38.8 KB), POC2.JPG (47.0 KB)
Mergedinto: 657380
Status: Duplicate (was: Unconfirmed)
This is working as expected. See
https://bugs.chromium.org/p/chromium/issues/detail?id=657380#c1 for discussion.
Project Member

Comment 2 by sheriffbot@chromium.org, Aug 22

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
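
Because a `javascript:` bookmark runs in whatever page is open when it is clicked, as the report above shows, a defender may want to inventory such entries. The following is an added example, not part of the original report or of Chromium's code; it assumes the `roots`/`children`/`type`/`url` layout of Chrome's `Bookmarks` JSON file, and the sample tree is constructed.

```javascript
// Added example: list javascript: entries in a Chrome-style bookmarks tree.
// Assumption: the tree follows the layout of Chrome's "Bookmarks" JSON file
// (roots -> folders with "children" -> nodes with "type", "name", "url").

// Read the scheme the way a URL parser would: leading control/space
// characters are stripped and ASCII tab/newline are dropped first.
function schemeOf(url) {
  const cleaned = String(url)
    .replace(/^[\u0000-\u0020]+/, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Depth-first walk; returns {path, url} for every javascript: bookmark.
function findScriptBookmarks(node, path = []) {
  const hits = [];
  if (!node || typeof node !== "object") return hits;
  const here = node.name ? [...path, node.name] : path;
  if (node.type === "url" && schemeOf(node.url) === "javascript") {
    hits.push({ path: here.join(" / "), url: node.url });
  }
  for (const child of node.children || []) {
    hits.push(...findScriptBookmarks(child, here));
  }
  return hits;
}

// Audit every root folder (bookmark bar, other bookmarks, ...).
function auditBookmarks(file) {
  return Object.values(file.roots || {}).flatMap((r) => findScriptBookmarks(r));
}

// Constructed sample data mirroring the steps in the report.
const SAMPLE = {
  roots: {
    bookmark_bar: {
      type: "folder", name: "Bookmarks bar", children: [
        { type: "url", name: "Google", url: "https://www.google.com/" },
        { type: "url", name: "Google (edited)", url: "javascript:alert(document.cookie)" },
        { type: "folder", name: "Tools", children: [
          { type: "url", name: "Mixed case", url: " JavaScript:void(0)" } ] },
      ],
    },
    other: { type: "folder", name: "Other bookmarks", children: [] },
  },
};

console.log(auditBookmarks(SAMPLE));
```
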
