Security: I can run JavaScript in the Omnibox (Was: An UXSS Bug on chrome Browser)
Reported by dewd...@gmail.com, Oct 14 2017
Issue description
VULNERABILITY DETAILS:
The bug allows me to inject script directly into the browser's active tab.
When I test it on an old version of the Chrome browser, it works.
I can run my script on any website or web application without any tool.
I tried to run this code on IE and Firefox, but it does not work on other browsers.
VERSION:
Chrome Version: 10.0.648.127 stable, 62.0.3202.52 (Official Build) beta (64-bit), 61.0.3163 stable.
Operating System: Windows 7 Ultimate 64 bit service pack 1
REPRODUCTION CASE:
Step 1 -
Open the Chrome browser and log in to any web application you want,
for example Gmail, Facebook, etc.
Step 2 -
Inject your script into the browser's URL address bar with the javascript: prefix.
Delete the address from the URL bar, write this code, and hit Enter.
javascript:alert(document.domain);
javascript:alert(document.cookie);
javascript:alert(document.location);
and many more..
You can see your script run successfully.
Oct 15 2017
Thanks for correcting me.
Jan 21 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 22 2018
Comment 1 by elawrence@chromium.org, Oct 14 2017
Summary: Security: I can run JavaScript in the Omnibox (Was: An UXSS Bug on chrome Browser) (was: Security: An UXSS Bug on chrome Browser)