Issue 722726

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 722733
Owner: ----
Closed: May 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: Chrome Flash default-disabled bypass

Reported by raeder...@gmail.com, May 16 2017

Issue description

VERSION
Chrome Version: 58.0.3029.110 stable
Operating System: Windows 10 Enterprise

VULNERABILITY DETAILS
Chrome version 58 disabled Flash execution by default.
If a user wants to use Flash, he must click the Flash area and confirm the notice window
to open it.
But this bug shows a way to make a redirection between two pages
without any notice to open it and make an attack.
Needs user interaction --- clickjacking (make a small game).
Click about 300 times and the Flash could execute.

REPRODUCTION CASE

Please put them on a local web server; I used Apache + PHP.
Use new.html to perform this attack.
result.png shows the attack result.

 

Comment 1 by raeder...@gmail.com, May 16 2017

I'm sorry for using the wrong email, my friend's.
I don't know how to delete this issue, so please view my post.
Mergedinto: 722733
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 3 by sheriffbot@chromium.org, Nov 7 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
