Issue 729273 link

Starred by 2 users

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jun 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Google Doodle Champions Trophy highest score can be changed

Reported by niro.nir...@gmail.com, Jun 3 2017

Issue description

VULNERABILITY DETAILS
Google Doodle Champions Trophy highest score can be changed 

VERSION
Chrome Version: 58.0.3029.110
Operating System: Windows 10

REPRODUCTION CASE
Go to google.lk or https://www.google.com/doodles/icc-champions-trophy-2017-begins 
Write click and enter the following in console window:
localStorage.setItem('doodle-cricket17-score', '1000')

Since the highest score is 999, it can be set to that. 

Since there are competitions organized by trusting google doodle, someone can easily manipulate the highest score and win the competition. This spoils the fun of doodle games. 

Screenshots Attached.

	doodle highest score.png 77.0 KB View Download

	competition.png 247 KB View Download

Comment 1 by elawrence@chromium.org, Jun 3 2017

Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)

Yes, Developer Tools are powerful and can change any aspect of HTML/JavaScript based games. This doesn't represent a security vulnerability in the browser.

►

Issue 729273 link

Issue metadata

Security: Google Doodle Champions Trophy highest score can be changed

Issue description

Comment 1 by elawrence@chromium.org, Jun 3 2017

Comment 1 Deleted

Sign in to add a comment