New issue
Advanced search Search tips

Issue 788476 link

Starred by 2 users
Status: Available
Owner: ----
Cc:
elawrence@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug
M-X



Sign in to add a comment

Dismiss "Look Up" UI when switching tabs

Reported by chromium...@gmail.com, Nov 25 2017 
VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

VERSION
Chrome Version: 64.0.3277.0
Operating System: Mac 

REPRODUCTION CASE
1. Click in 'Here'
2. Select the text
3. Right click >> click on Look up "Text..." and wait
4. Observe 

The scenario of this bug is similar to  bug 673163 .
poc.html
196 bytes View Download
Actual.mp4
287 KB View Download

Comment 1 by elawrence@chromium.org, Nov 25 2017

Labels: Needs-Feedback OS-Mac
Summary: Security: Selected text can appear over the wrong tab when using Mac "Look up" feature (was: Security: Selected text can appear over the wrong tab )
Can you describe any way in which this would represent a security vulnerability? 

At worst, it looks like a trivial functional bug.

Comment 2 by chromium...@gmail.com, Nov 25 2017 

This is a hypothetical attack, evil.com can open an OAuth page and display a "You should click accept" on that tab, which would be bad.

Comment 3 by chromium...@gmail.com, Nov 25 2017 

But I'm not sure if this is a security bug.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 25 2017

Cc: elawrence@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by jialiul@chromium.org, Nov 26 2017

Components: UI>Browser>Contextual>Search
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Agree with elawrence's assessment. The friction is much higher than   bug 673163 .
Change type to BUG.

Comment 6 by krajshree@chromium.org, Nov 27 2017

Labels: M-64 Triaged-ET Needs-Triage-M64 Pri-2
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on Mac 10.12.6, Win-10 and Ubuntu 14.04 using chrome reported version #64.0.3277.0 and latest canary #64.0.3278.0.
The issue is specific to OS-Mac.
This is a non-regression issue as it is observed from M50 old builds. 

Hence, marking it as untriaged to get more inputs from dev team.

Thanks...!!

Comment 7 by sdy@chromium.org, Dec 7 2017

Labels: -Pri-2 Hotlist-GoodFirstBug Hotlist-PlatformExcellence Pri-3
Status: Available (was: Untriaged)
[Mac triage]
Project Member

Comment 8 by sheriffbot@chromium.org, Dec 10

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 9 by robliao@chromium.org, Dec 11

Owner: ellyjo...@chromium.org
Status: Assigned (was: Untriaged)
Summary: Selected text can appear over the wrong tab when using Mac "Look up" feature (was: Security: Selected text can appear over the wrong tab when using Mac "Look up" feature)
Seems we should dismiss these on navigation. Sending this one to ellyjones@.

Comment 10 by ellyjo...@chromium.org, Dec 12

Labels: -M-64 M-X
Owner: ----
Status: Available (was: Assigned)
Summary: Dismiss "Look Up" UI when switching tabs (was: Selected text can appear over the wrong tab when using Mac "Look up" feature)

Sign in to add a comment