Issue metadata
Sign in to add a comment
|
Security: Malicious Chrome tab crashing results in disabled antivirus
Reported by
j...@henderson3.net,
Jul 6 2017
|
||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please READ THIS FAQ before filing a bug: https://www.chromium.org/Home /chromium-security/security-faq Please see the following link for instructions on filing security bugs: http://www.chromium.org/Home/chromium-security/reporting-security-bugs NOTE: Security bugs are normally made public once a fix has been widely deployed. VULNERABILITY DETAILS Malicious popup is able to crash Chrome tab and disable Windows Defender. VERSION Chrome Version: 59.0.3071.115 + stable Operating System: Windows 10 version 1607 REPRODUCTION CASE A popup at the URL http://digiboko.online/am.php?pubid=76535_85279&clickid=FPMYxTD4Yes&country=at&v=1559206473 was able to force Chrome into full screen mode, and repeated confirm() javascript dialog boxes made it impossible to exit (even unable to check the "prevent page from create additional dialogs" checkbox). The page attempts to install a malicious extension from the Chrome store (already reported). Eventually, the tab crashes along with AdBlock extension, and somehow Windows Defender was able to be disabled. Still reviewing if any further damage has been done. The HTML output of this malicious page is attached. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: tab Crash State: [see link above: stack trace, registers, exception record] Client ID (if relevant): [see link above]
,
Jul 14 2017
elawrence: this site still seems to be working. I escalated internally for review. I think all of the issues themselves are known issues. The cursor issue seems particularly nasty here though.. Given that we don't have a crash report I'm closing this for now.
,
Oct 22 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jul 6 2017