
Issue 732477

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: Chrome Browser hijacking issue from domains of Retailboy and Verosmedia

Reported by coolshi...@gmail.com, Jun 12 2017

Issue description

VULNERABILITY DETAILS
Some users, when using the Google Chrome browser, Version 59.0.3071.86 (Official Build) (64-bit), on the site mail.yahoo.com seem to get redirected to suspicious sites of Retailboy and Verosmedia. This seems to start with the Chrome browser, and with no new local apps installed the user's logged-in session on Yahoo mail is redirected to the above suspicious sites without user consent. The redirection happens when the user has multiple tabs and the focus is set to another tab or window, leaving the Yahoo mail session tab active.

VERSION
Chrome Version: [59.0.3071.86] + [stable]
Operating System: [Windows 7, version: 6.1, and service pack 1]

REPRODUCTION CASE
This seems to have popped up recently on the internet and probably will spread massively, as the vulnerability is open and still cannot be fixed by the world's strongest anti-malware app: Malwarebytes Antimalware.
There have been serious discussions on this issue with respect to the Chrome browser. See the details here:
https://forums.malwarebytes.com/topic/201955-incredibly-perplexing-browser-redirect-god-level-expert-needed/

The issue has also been reported to the email provider Yahoo, but nothing of this sort has ever been caught. Probably the hacker(s) or corporation(s) misusing this vulnerability in Chrome (at least) are using the loophole of redirection straight from the signed-in browser session (probably with the help of a cookie or JavaScript) without installing any add-ons or installers.

 
Labels: Needs-Feedback
Without more details (e.g. a network log), it's unlikely that there's anything that Chrome can do to combat the malicious ads that are redirecting you to the unwanted sites.

Do you have any logs (e.g. https://dev.chromium.org/for-testers/providing-network-details)?

To eliminate any sort of local adware as a culprit, have you run the Chrome cleanup tool? https://www.google.com/chrome/cleanup-tool/index.html
I am an advanced user. I will run the above 2 steps tonight and will update this thread. Please leave this thread open.
Project Member

Comment 3 by sheriffbot@chromium.org, Jun 12 2017

Cc: elawrence@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: Needs-Feedback
I have attached a net-export log as required. This time it didn't redirect me. See if this is helpful to you.
Attachment: chrome-net-export-log.json (4.0 MB)
Project Member

Comment 6 by sheriffbot@chromium.org, Jun 14 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by est...@chromium.org, Jun 14 2017

Labels: Needs-Feedback
A net-internals log from when the redirect happens would be most useful.

Did you run the Chrome cleanup tool and did that fix the problem? If so, it would suggest that the problem is malware on your machine and not a vulnerability in Chrome.
I didn't run it yet, but I ran Hitman Pro, which cleaned some tracking cookies. So far no site redirection has happened, but I would keep an eye on it. What do you say?
Project Member

Comment 9 by sheriffbot@chromium.org, Jun 15 2017

Cc: est...@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "estark@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: WontFix (was: Unconfirmed)
Unfortunately there's not much we can do to help if you can't reproduce the problem. I recommend running the Chrome cleanup tool (https://www.google.com/chrome/cleanup-tool/index.html) to clean up your machine. If you see the problem again and can capture a net-internals log, then we'll happily take a look at it to see if there's more we can do.
Project Member

Comment 11 by sheriffbot@chromium.org, Sep 22 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
