VULNERABILITY DETAILS
A cross site scripting security bug was observed in the search bar of chrome browser

VERSION
Chrome Version: 62.0.3202.94 (Official Build) (64-bit)
Operating System: Windows 7 Enterprise 

REPRODUCTION CASE

1. Open a new tab in Google Chrome Browser
2. Insert the payload in the search bar (Please note that I have typed these payload directly into the browser search bar and not copy-pasted it)

    Payloads used:

    javascript:alert(0)
    javascript:alert(document.cookie)
    javascript:alert(document.domain)
    javascript:prompt(document.cookie)

To reproduce please type the above mentioned payloads

3. Cross site scripting in browser is show in the screenshots attached.

NOTE: I have not changed any of the default settings in this Google Chrome. Also the payload was easily executed in my browser

Please provide insight on the above issue.If this is not a valid security bug, please give me an understanding why this has happened. 

Thanks Google Security Team,

 

Deleted: 0.PNG 107 KB

	0.PNG 107 KB View Download

Deleted: cookie.PNG 116 KB

	cookie.PNG 116 KB View Download

Deleted: domain.PNG 106 KB

	domain.PNG 106 KB View Download

Deleted: prompt.PNG 114 KB

	prompt.PNG 114 KB View Download