
Issue 757023

Issue metadata

Status: Duplicate
Merged: issue 394296
Owner: ----
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: Infinite Pop-Up Redirect Methodology

Reported by thisisan...@gmail.com, Aug 18 2017

Issue description

Hello, this is behavior witnessed by several different "infinite popups" often portraying security alerts trying to trick users into calling a number for support.

VULNERABILITY DETAILS
Check the URI in the screenshot_redline.png file and it will become obvious how this redirection functions. I have witnessed this in several campaigns.

VERSION
Chrome Version: Latest
Operating System: Win10

REPRODUCTION CASE
I assume you could reproduce this by simply going to the URI in question - screenshot.png

CLIFF NOTES:
It seems to me it would be trivial to detect/prevent this type of redirection based on a) time and/or b) integer incrementing at the end of the URI as seen in screenshot_redline.png.

Thanks!

screenshot.png (214 KB)
screenshot_redline.PNG (103 KB)
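
The heuristic proposed in the report's CLIFF NOTES (time window plus an integer incrementing at the end of the URI), sketched as an added example that is not part of the original report and is not Chromium's code or the fix tracked in issue 394296. The function names, thresholds and sample URLs are assumptions constructed for illustration; the URI from the screenshot is not reproduced here.

```javascript
// Added example: thresholds and sample URLs below are constructed.
const TRAILING_INT = /^(.*?)(\d+)$/;

// Split ".../warn.html?id=12" into { prefix: ".../warn.html?id=", n: 12 }.
// Returns null when the URL does not end in an integer.
function splitTrailingInt(url) {
  const m = TRAILING_INT.exec(url);
  return m ? { prefix: m[1], n: Number(m[2]) } : null;
}

// navs: [{ t: <ms timestamp>, url: <string> }] in order, for a single tab.
// Flags the first run of >= minRun navigations whose URLs differ only by a
// trailing integer that grows by exactly 1 per step, all inside windowMs.
function findIncrementingLoop(navs, { windowMs = 5000, minRun = 4 } = {}) {
  let run = [];
  for (const nav of navs) {
    const cur = splitTrailingInt(nav.url);
    const prev = run.length ? splitTrailingInt(run[run.length - 1].url) : null;
    const continues =
      cur && prev && cur.prefix === prev.prefix && cur.n === prev.n + 1;
    if (continues) run.push(nav);
    else run = cur ? [nav] : []; // restart the run at this navigation
    // Criterion (a): drop steps that fell out of the time window.
    while (run.length && nav.t - run[0].t > windowMs) run.shift();
    if (run.length >= minRun) {
      return {
        prefix: cur.prefix,
        from: splitTrailingInt(run[0].url).n,
        to: cur.n,
        count: run.length,
        spanMs: nav.t - run[0].t,
      };
    }
  }
  return null;
}

// Constructed sample: five rapid redirects, 400 ms apart, counter at the end.
const loopNavs = [1, 2, 3, 4, 5].map((i) => ({
  t: (i - 1) * 400,
  url: `https://alert.example.test/warn.html?id=${i}`,
}));
// Constructed sample: a user paging through results every 25 seconds.
const pagingNavs = [1, 2, 3, 4].map((i) => ({
  t: (i - 1) * 25000,
  url: `https://shop.example.test/list?page=${i}`,
}));

console.log(findIncrementingLoop(loopNavs));   // flagged
console.log(findIncrementingLoop(pagingNavs)); // null: same pattern, too slow
```

The paging sample shows why the counter alone is not enough: ordinary pagination increments the same way, so only the combination with the time window separates the two.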
Components: UI>Browser>Navigation
Redirections are, in and of themselves, not a security vulnerability.

To the extent that repeated navigations can make it hard to close tabs or otherwise interact with the system, this has the same underlying cause as Issue 394296.

After clicking the [x] on this repro in Chrome 62, the tab closed within 5 seconds.

Comment 2 by dcheng@chromium.org, Aug 21 2017

Cc: a...@chromium.org
It seems like it's not nearly obvious enough that the tab can be closed even if a popup is open. =/

Comment 3 by a...@chromium.org, Aug 21 2017

Sigh.

If UX would give me such a UI, I would take it. Protest in front of their building.

Comment 4 by ta...@google.com, Aug 25 2017

Mergedinto: 394296
Status: Duplicate (was: Unconfirmed)
This will be prevented by the solution in 394296.
Comment 5 by sheriffbot@chromium.org, Dec 2 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot