Issue 765942 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Sep 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: XSS

Reported by mayurudi...@gmail.com, Sep 16 2017

Issue description

I have found a strange behavior resulting in Cross Site Scripting.

Step to reproduce:-

1.)Type javascript:alert(1) in url bar. XSS will trigger in browser.

With the help of CSRF request this bug can be exploit remotely.

I am attaching PoC with this . 

Chrome latest version is affected from this.

Thanks

	google_Xss.png 93.0 KB View Download

Comment 1 by mea...@chromium.org, Sep 17 2017

Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)

Thanks for the report, but this isn't a vulnerability. Please see https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Does-entering-JavaScript:-URLs-in-the-URL-bar-or-running-script-in-the-developer-tools-mean-there-s-an-XSS-vulnerability-

►

Issue 765942 link

Issue metadata

Security: XSS

Issue description

Comment 1 by mea...@chromium.org, Sep 17 2017

Comment 1 Deleted

Sign in to add a comment