
Issue 755837

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: ----
Type: Bug-Security




Security: iOS Spoofing location object by overriding Symbol.toPrimitive

Reported by chromium...@gmail.com, Aug 16 2017

Issue description

VERSION
Chrome Version: 61.0.3163.25 beta
Operating System: iOS

The following PoC shows that an attacker might be able to get a victim's secret data using this behavior:

https://l0.cm/chrome_location_spoofing_symbol_toPrimitive.html

 
screenshot.jpeg (30.6 KB)
Labels: OS-iOS
Summary: Security: iOS Spoofing location object by overriding Symbol.toPrimitive (was: Security: Only-iOS Information disclosure in blink)
You're re-reporting Issue 680409 fixed in Blink for Chrome 57 seven months ago.

Unfortunately, due to Apple policies, Chrome cannot use Blink on iOS and must rely on the built-in WebKit code. If this reproduces in iOS today, the WebKit team will need to decide whether they'd like to port a fix.

(When re-reporting vulnerabilities, please reference the original bug to speed triage and provide useful context.)
Ok, Thanks!
Status: WontFix (was: Unconfirmed)
Would you mind filing this bug directly against the WebKit project so that you get appropriate followup/credit, etc?

https://webkit.org/security-policy/#how-to-report-security-bugs
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 27 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
