Security: Email of reporter is being leaked within the report itself
Reported by jonbotta...@gmail.com, Nov 27 2017
Issue description

VULNERABILITY DETAILS

This is more of an info leak than an actual vulnerability, but it should be fixed regardless.

At this URL: https://bugs.chromium.org/p/chromium/issues/detail?id=766253

At the top of the page, you can see that the reporter info is hidden; it looks like this:

Reported by gzo...@gmail.com, Sep 18

Based on this, an attacker would have no way of determining whose email reported this issue. However, due to what looks like a mistake, the full email address of the reporter is located further down the page: gzobqq@gmail.com

CTRL+F on the page, enter the string gzobqq@gmail.com, and check the results.

Attack scenario: Confidential info (email) of the reporter is exposed so that anyone visiting the URL can determine the reporter's email, which seems like a pretty bad exposure of privacy for someone who wants to remain anonymous.

VERSION

Not Applicable
Nov 27 2017
Since it is not a chrome/chromium bug, I'll remove the bug-security label.
Nov 27 2017
This does not represent a vulnerability in either Chrome or Chrome's bug tracker. The reporter in this report included their own email address within the text of their bug report. This was their choice. Please do feel free to report cases where it looks like a Chrome team member accidentally leaked an email address; this does happen from time to time.
Nov 27 2017
Apologies... I was told to report this here from the Google security team:

jo...@google.com added comment #3: Hey, thanks a lot for looking into it and reporting. This looks like an issue in Chrome and they have their own team for handling incoming security reports. Please report the bug at https://code.google.com/p/chromium/issues/entry?template=Security%20Bug instead - the issue will be resolved faster, as you'll talk to the right people directly. Security bugs in Chrome and Chrome OS are also eligible for a reward under the Chrome Vulnerability Rewards Program (https://www.google.com/about/appsecurity/chrome-rewards/).

In the future, should I report issues of emails being leaked here or somewhere else? Thanks
Nov 27 2017
Hi jonbottarini@ - thanks for the report. In this case, the email address is exposed because the reporter explicitly included it in their report; the tracking system itself is behaving correctly.
Comment 1 by jonbotta...@gmail.com, Nov 27 2017 (attachment, 420 KB)