Issue metadata
Sign in to add a comment
|
Security: Chrome does not detect and warn on WiFi network change
Reported by
tushar.v...@gmail.com,
Nov 5 2017
|
||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Chrome does not detect and warn users on WiFi network change, given that installed applications on android with relevant wifi permissions can connect to arbitrary wifi networks programatically without user interaction, this introduces a potential Man in the middle scenario, where the attacker can intercept all traffic originating from users browser. VERSION Chrome Version: [61.0.3163.98] + [stable] Operating System: [Android 7.0.0;Redmi Note4 Build/NRD90M] REPRODUCTION CASE 1. Connect to WIFI hotspot 1, using chrome browse to whats my IP Address and note down the IP address 2. Keeping chrome on, disconnect he wifi and connect to other wifi hotspot2, browse to whats my IP Address again. 3. You can see that the IP address(network address changes) but chrome does not warn user of the change in network. By routing chrome traffic to attacker controlled network, an attacker could create a man in the middle scenario by proxying all requests from chrome before passing to internet and potentially modifying/capturing confidential information. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: [tab, browser, etc.] Crash State: [see link above: stack trace *with symbols*, registers, exception record] Client ID (if relevant): [see link above]
,
Feb 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Nov 8 2017Labels: OS-Android
Status: WontFix (was: Unconfirmed)