This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://www.chromium.org/Home
/chromium-security/security-faq

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
You have exposed css and Javascript here:


1) search in Google  Shopping "teva sandals men" 

2) click the black sandals that say they're from Nordstrom rack. 

3) click on more details, or notice already that css is leaked. Clicking on more details exposes information about endpoints and just raw Javascript. 

VERSION
Chrome Version: [idk] + [stable]
Operating System: [Android] 

REPRODUCTION CASE

1) search in Google  Shopping "teva sandals men" 

2) click the black sandals that say they're from Nordstrom rack. 

3) click on more details, or notice already that css is leaked. Clicking on more details exposes information about endpoints and just raw Javascript. 


FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]