Security: foreign link disguised as google search went undetected
Reported by
sti...@gmail.com,
May 1 2017
Issue description

VULNERABILITY DETAILS
Foreign link disguised as Google search link went undetected.

VERSION
Version 58.0.3029.81 (64-bit)
Operating System: Win 10 home 64 bit

REPRODUCTION CASE
If you copy-paste this URL:
https://www.google.com/url?sa=t&url=%68%74%74%70%3A%2F%2F%65%79%74%79%2E%72%75&usg=AFQjCNFt5Ygu2XIToaTq4JaZejScRlmatQ
you will end up at some credit card fraud website instead of what appears to be a Google search.

I tried changing the URL-encoded url (to bing.com) and I tried omitting the usg parameter. In both those cases, Chrome will detect the redirect and ask me to confirm, showing me the actual link, which is the desired behaviour. But for me, this URL as I pasted it here managed to skip that screen.

I received the link via a typical Skype spam virus.
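For triage of links shaped like the one in this report, the following added example (not part of the original report or of Chromium) unwraps a `www.google.com/url` link and reports the host it really points to. The helper names, the `landing.example` target and the placeholder `usg` value are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Redirector endpoints to unwrap: (host, path) -> query parameters carrying the target.
# Only the www.google.com/url + "url" pairing is taken from the report above.
REDIRECTORS = {("www.google.com", "/url"): ("url",)}


def unwrap_redirect(link, max_depth=5):
    """Return the chain of URLs obtained by unwrapping known redirector links."""
    chain = [link]
    for _ in range(max_depth):  # bounded, so nested wrappers cannot loop forever
        parts = urlsplit(chain[-1])
        params = REDIRECTORS.get(((parts.hostname or "").lower(), parts.path))
        if not params:
            break
        query = parse_qs(parts.query)  # parse_qs percent-decodes the values
        target = next((query[p][0] for p in params if p in query), None)
        if target is None:
            break
        chain.append(target)
    return chain


def describe(link):
    """Summarise what the user sees versus where the link actually leads."""
    chain = unwrap_redirect(link)
    first, last = urlsplit(chain[0]), urlsplit(chain[-1])
    return {
        "visible_host": first.hostname,
        "final_url": chain[-1],
        "final_host": last.hostname,
        "final_scheme": last.scheme,
        "disguised": len(chain) > 1 and first.hostname != last.hostname,
    }


# Constructed sample: same shape as the reported link, with every byte of the
# target "http://landing.example" percent-encoded and a placeholder usg value.
SAMPLE = ("https://www.google.com/url?sa=t&url="
          + "".join("%%%02X" % b for b in b"http://landing.example")
          + "&usg=PLACEHOLDER")

if __name__ == "__main__":
    print(describe(SAMPLE))
```
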
Aug 8 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, May 1 2017