Security: Emoji images display in omnibox
Reported by
robert.o...@gmail.com,
Sep 29 2017
Issue description
,
Sep 30 2017
I'm not doing this as a professional, so I can't explain it properly, but it is a potential gate for a hacker. It is a new I/O channel (between hacker and user/browser), which isn't needed (the risk is higher than it could be). I'm sure that if someone thinks about it, he/she will find a way to use it for evil purposes. E.g. the user can think that it is a virus/bug, so he will reinstall or restart Chrome (do what the hacker wants him to do).

I have a better case. Imagine:
- Person A is an old woman who is using Chrome, but she has no idea how things work in the internet world.
- Person B is a hacker who is good at psychology.
- He is posting such a (properly working) link, under which you can find some info about Jesus Christ.

1. The old woman pastes the link.
2. The old woman (or someone from her family) erases the emoticons.
3. Now the link leads to a fake bank site.
4. The old woman has bills to pay, so she decides to do it now.

You can imagine what happens next. This "feature" leads to many such cases... I would also note that this feature was not planned (it is not useful), so it is not what the developer wants to do - it's a bug that can in the future be "a bug in the system".
,
Sep 30 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 30 2017
Since this is the non-hostname portion, it is not a security vulnerability. Removing emojis will still remove it from the non-hostname portion.
,
Sep 30 2017
Check your def. of "security vulnerability" ;)
,
Jan 7 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Sep 29 2017
Labels: Needs-Feedback
Summary: Security: Emoji images display in omnibox (was: Security: images displayed in serach/adress textfield)