New issue
Advanced search Search tips

Issue 789575 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Dec 2017
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Malicious ad hijacks Incognito Chrome on Android

Reported by deaburn...@gmail.com, Nov 29 2017 


VULNERABILITY DETAILS

The current version of Chrome is susceptible to browser hijacking when in incognito mode under some situations.

VERSION

Chrome Version: 62.0.3202.84 - stable
Operating System: Android 7.1.1 / ONEPLUS a5000 build / NMF26X (current OnePlus OS)

REPRODUCTION CASE

Go to zerohedge.com on an Android OnePlus phone (This site hosts ad networks that take advantage of the bug).  Chrome browser will be hijacked in incognito mode, but not in regular mode.  Unknown about other Android phones.

Unclear if this bug is a vulnerability in Chrome itself, or something in the Android software OS and version.  The same bug does not occur on my Ipad, windows 10, or Ubuntu machines.

Comment 1 by elawrence@chromium.org, Nov 29 2017

Labels: Needs-Feedback
Please explain precisely what you mean when you say "Hijacked"?

Comment 2 by elawrence@chromium.org, Nov 29 2017

Labels: OS-Android
Summary: Security: Malicious ad hijacks Incognito Chrome on Android (was: Security: Bug in chrome)

Comment 3 by raymes@chromium.org, Dec 3 2017

Status: WontFix (was: Unconfirmed)
Marking WontFix based on a lack of details/feedback. If you're able to reproduce this, please file a new bug and ideally attach a screen recording of what you're seeing to help us investigate. Thanks!
Project Member

Comment 4 by sheriffbot@chromium.org, Mar 12 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment