New issue
Advanced search Search tips

Issue 792743 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Dec 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

I photographed you you can see the pictures at the bottom

Reported by bndr6...@gmail.com, Dec 7 2017 
 template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers,
exception record]
Client ID (if relevant): [see link above]
Screenshot_٢٠١٧١٢٠٧-٠١٣٩١٤.png
120 KB View Download
Screenshot_٢٠١٧١٢٠٦-٢٢٠٥٤١.png
171 KB View Download

Comment 1 by bndr6...@gmail.com, Dec 7 2017

Screenshot_٢٠١٧١٢٠٦-٢٢٠٦٠٥.png
350 KB View Download

Comment 2 by bndr6...@gmail.com, Dec 7 2017 

I photographed you you
Screenshot_٢٠١٧١٢٠٧-٠٢١٣٣١.png
97.8 KB View Download

Comment 3 by bndr6...@gmail.com, Dec 7 2017 

I photographed you you can see the pictures at the bottom

Comment 4 by elawrence@chromium.org, Dec 7 2017

Labels: Needs-Feedback
I think the claim here, based on the second screenshot, is that you found a way to inject script into a sites.google.com page. Is that correct? 

Can you provide the steps that reproduce that claim, or the URL demonstrating it?

Comment 5 by elawrence@chromium.org, Dec 7 2017

Status: WontFix (was: Unconfirmed)
This does not represent a vulnerability in Google Chrome.

You can report XSS vulnerabilities in Google products including Google's "Sites" domain by following the process outlined here: https://www.google.com/about/appsecurity/reward-program/

Comment 6 by bndr6...@gmail.com, Dec 8 2017 

بف
Project Member

Comment 7 by sheriffbot@chromium.org, Mar 16 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment