New issue
Advanced search Search tips

Issue 736657 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: VPN vulnerability

Reported by dave07...@gmail.com, Jun 25 2017

Issue description


VULNERABILITY DETAILS
When a vpn extension is installed and enabled on google chrome, there is a possibility to display adds and redirect users to a fake version of chrome adds (affects Google.com, youtube.com, and opening new tabs), as well as has different spam pages show up after starting a download. 

VERSION
Chrome Version: Version 58.0.3029.110 (64-bit) + stable
Operating System: Windows 10 version 1703 (KB4022725)

It may be a virus on my computer, however malwarebytes and bitdefender have not picked it up. URL that is redirected to is: https://chromeupdates.win/search.html

Will occasionally try crash browser by causing infinite loop. 

 
Status: WontFix (was: Unconfirmed)
Please use chrome://extensions to uninstall all suspicious looking extensions from Chrome. Otherwise, this forum is for bugs in Chrome itself; abusive extensions should be submitted through the Chrome web store on the "Details" page for the extension in question.

Comment 2 by dave07...@gmail.com, Jun 26 2017

No no, the extension was Betternet, which is a pretty well trusted extension. Other users have reported having a VPN (besides Betternet, but still well known like ultra surf, etc.) installed also causes the same malware type behavior. This leads me to believe that there is some vulnerability in Chrome's VPN implementation. I apologize that I can't provide a better way to recreate, but I am not sure how it happened, nor am I a white hat hacker to figure it out. If you want, I can provide a memory dump with this occurring though.
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 2 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment