New issue
Advanced search Search tips

Issue 744357 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jul 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security - Chrome Client DoS vulnerability

Reported by chenhuij...@gmail.com, Jul 17 2017 
VULNERABILITY DETAILS
when access the following url:
https://www.google.com.sg/webhp?num=100&biw=1271&bih=733&gws_rd=cr&ei=X2VsWdXYBsf-8QWYubLgDg#36;&oq=%26%2336%3B&gs_l=psy-ab.12..0l4.1364.1364.0.2532.1.1.0.0.0.0.107.107.0j1.1.0....0...1.1.64.psy-ab..0.1.106.BfuxLpnofKc

The Chrome browser will fresh the page without stop.
If an attacker give this link to a group of victims , it may cause large traffic DoS to Google site.

I think that "ei=X2VsWdXYBsf-8QWYubLgDg#36;" which is not base64 format may cause this vulnerability.

VERSION
Chrome Version: [59.0.3071.115](win 32bit)
Operating System: [Windows, Windows 7, SP1]

REPRODUCTION CASE
https://www.google.com.sg/webhp?num=100&biw=1271&bih=733&gws_rd=cr&ei=X2VsWdXYBsf-8QWYubLgDg#36;&oq=%26%2336%3B&gs_l=psy-ab.12..0l4.1364.1364.0.2532.1.1.0.0.0.0.107.107.0j1.1.0....0...1.1.64.psy-ab..0.1.106.BfuxLpnofKc

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
NA

Comment 1 by elawrence@chromium.org, Jul 17 2017

Status: WontFix (was: Unconfirmed)
Fortunately, Google.com handles floods of requests really well, so this bug in the script is not an issue that will cause any problems.

Markup that refreshes the browser is not a security vulnerability, and this link doesn't have any interesting bad behavior (the user can freely close the tab, etc).
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 24 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment