
Issue 782842

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 637098
Owner: ----
Closed: Nov 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Local files disclosure via webkitdirectory

Reported by 0x0a1...@gmail.com, Nov 8 2017

Issue description

Summary:

Using the webkitdirectory alongside minor user interaction, we are able to grab the OS username of a victim.
This is because the webkitdirectory object is not properly sanitized after a folder has been picked. In my case, the Downloads folder was the default folder to select, and so I ended up with 'Abdulrahman/Downloads'.

Products affected:
Version 62.0.3202.75 (Official Build) (64-bit)
OS Platform: Microsoft Windows 


Steps To Reproduce:

Open attached PoC and hold 'enter' for a bit.

 
Attachments:
trap.html (852 bytes)
chrome.png (28.4 KB)
Components: Blink>Forms>File>Directory
Summary: Local files disclosure via webkitdirectory (was: local files disclosure)
It seems like a bigger deal that all of the files can be stolen from the user, no?

Comment 2 by 0x0a1...@gmail.com, Nov 8 2017

yes.


Comment 3 by meacer@google.com, Nov 8 2017

Mergedinto: 637098
Status: Duplicate (was: Unconfirmed)
This is a duplicate of bug 637098 which already is public: http://leucosite.com/Chrome-Firefox-Edge-Local-File-Disclosure/

Comment 4 by 0x0a1...@gmail.com, Nov 8 2017

But this still works.

Comment 5 by meacer@google.com, Nov 8 2017

0x0a1337: Yes, the bug still works, but it was previously reported in bug 637098. You can follow the progress on that bug, thanks.
Project Member

Comment 6 by sheriffbot@chromium.org, Feb 24 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
