Issue metadata
Sign in to add a comment
|
Security: Mac-only form field validation bubbles can appear after navigating to another origin
Reported by
chromium...@gmail.com,
Jul 19 2017
|
||||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 61.0.3159.0 (Official Build) canary (64-bit) Operating System: Mac See issue 673163 and issue 704560 REPRODUCTION CASE 1. Open the test case. 2. Keep clicking on the button. 3. After two seconds, observe the field validation bubble can appears after navigating to google.com. Note: I couldn't repro this on Windows and Linux.
,
Jul 19 2017
I cannot reproduce this, but I looked at the video. Why do you feel this is a security bug and not a general purpose bug?
,
Jul 19 2017
This is a hypothetical attack, evil.com can open an OAuth page and display a "You should click accept" dialog on that tab, which would be bad. I think this is medium as issue 713686 based on https://crbug.com/673163#c19
,
Jul 19 2017
Thank you for providing more feedback. Adding requester "kerrnel@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 19 2017
tkent@, since you handled 713686 can you look at this and let me know what you think?
,
Jul 19 2017
I reproduced this, and confirmed this was already fixed if we enabled chrome://flags/#enable-experimental-web-platform-features . We're going to enable the flag for new implementation soon.
,
Oct 26 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jul 19 2017Labels: OS-Mac