Security: Chrome Flash Player disabled bypass
Reported by
ma7h1a...@gmail.com,
May 16 2017
Issue description

VERSION
Chrome Version: 58.0.3029.110 stable
Operating System: Windows 10 Enterprise

In the last issue I did not give a clear description of this security bug, so that led to some mistakes. I have modified the description and added the source code of the Designed-Flash-File.

VULNERABILITY DETAILS
Chrome version 58 disables Flash execution most of the time; Flash cannot execute without the user's permission. But with this issue, Flash Player is enabled without any notification to the user. Once Flash Player is enabled, a hacker could use this bug and a Designed-Flash-File to perform a Cross-Domain-CSRF. With a further vulnerability on the Flash side, it might leak the user's private information and even potentially allow remote execution.

REPRODUCTION CASE
new.html is used to reproduce this security bug. After about 300 clicks, Flash Player is enabled without the user's permission. result.png shows that Flash Player is enabled. evil.cs is the source code of the Designed-Flash-File: load the SWF and use FlashVars to send the param, which is used to perform an Information-Stolen or CSRF attack.
,
May 16 2017
,
Nov 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org
, May 16 2017