
Issue 796540 link


Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Mac
Pri: 2
Type: Bug




http://www.wolflair.com/frame.php?context=army_builder&url=javascript:alert(/openbugbounty/)

Reported by lacroute...@gmail.com, Dec 20 2017

Issue description

Device name:
sony aqua m 

With this URL:

http://www.wolflair.com/frame.php?context=army_builder&url=javascript:alert(/openbugbounty/)

A popup shows on an Android web phone with Chrome.
I have discovered an XSS bypass in Chrome,
Chrome for my Android web phone.

android 5.0
kernel 3.10.49-perf-gc6d4e64
build number 26.1.B.3.109


Actual result:

A popup shows.




 
Attachment: xssandroid.png (39.4 KB)
Labels: Needs-triage-Mobile
Cc: sandeepkumars@chromium.org
Labels: Triaged-Mobile Needs-Feedback
Tested the issue in Android and could not reproduce the issue 

Steps Followed:
1. Launched the Chrome Browser.
2. Navigate to http://www.wolflair.com/frame.php?context=army_builder&url=javascript:alert(/openbugbounty/)
3. Page doesn't load (Observing white screen)

Chrome versions tested
63.0.3239.111(Stable)

Android 4.4.4

Android Devices:
4.4.4; C6902 Build/14.4.A.108

@lacroutelacroute: Could you please help us with the accessible URL, and the Chrome version on which you're facing the issue?

Thanks!!
The page has been corrected by its webmaster.

It's too late.
Project Member

Comment 4 by sheriffbot@chromium.org, Dec 21 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "sandeepkumars@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Components: UI
Labels: -Pri-3 M-65 OS-Linux OS-Mac OS-Windows Pri-2 Type-Bug
Status: Untriaged (was: Unconfirmed)
Tested the issue in Android and able to reproduce the issue. Observed the Pop up message

Steps Followed:
1. Launched the Chrome Browser.
2. Navigate to http://topsea.co.il/frame.php?url=javascript:alert(/OPENBUGBOUNTY/)
3. Observed the Pop up message

Chrome versions tested
63.0.3239.111(Stable)

Android 4.4.4

Android Devices:
4.4.4; C6902 Build/14.4.A.108

This seems to be a Non-Regression issue as the same behavior is seen since M62. Untriaged for further inputs on this issue.

Please navigate to the link below for logs and video:
go/chrome-androidlogs/796540

Note: This issue is observed using #63.0.3239.108 in Desktop (Win, Mac and Linux) as well

Thanks!!

 Issue 796877  has been merged into this issue.
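
Added example, not part of the issue thread and not code from either site: a scheme allowlist for a `url` query parameter, under the assumption (not stated in the thread) that a page like `frame.php` copies that parameter into a frame's `src`. The function name `safeFrameTarget` and the `site.example` requests are hypothetical; the first two sample requests are the URLs quoted in this issue.

```javascript
// Assumption: the "url" parameter ends up as a frame src on the served page.
// Only these schemes may be framed; javascript:, data:, etc. are rejected.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the normalized frame target, or null when the parameter is missing,
// empty, unparsable, or uses a scheme outside the allowlist.
function safeFrameTarget(requestUrl, paramName = "url") {
  const request = new URL(requestUrl);
  const raw = request.searchParams.get(paramName);
  if (raw === null || raw.trim() === "") return null;

  let target;
  try {
    // Resolve against the request origin so relative paths keep working.
    // The WHATWG URL parser lower-cases the scheme and strips leading spaces
    // and embedded tabs/newlines, the same normalization a browser applies,
    // so "JaVaScRiPt:" and "java<TAB>script:" are seen as javascript:.
    target = new URL(raw, request.origin);
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(target.protocol) ? target.href : null;
}

// Sample requests: the first two are quoted from the issue, the rest are constructed.
const samples = [
  "http://www.wolflair.com/frame.php?context=army_builder&url=javascript:alert(/openbugbounty/)",
  "http://topsea.co.il/frame.php?url=javascript:alert(/OPENBUGBOUNTY/)",
  "http://site.example/frame.php?url=JaVaScRiPt:alert(1)",
  "http://site.example/frame.php?url=java%09script:alert(1)",
  "http://site.example/frame.php?url=data:text/html,hi",
  "http://site.example/frame.php?url=/army_builder/index.html",
  "http://site.example/frame.php?url=https://www.example.org/page",
  "http://site.example/frame.php",
];

for (const s of samples) {
  const verdict = safeFrameTarget(s);
  console.log(verdict === null ? "REJECT" : "ALLOW ", s, "->", verdict);
}
```

A scheme check alone still lets any http(s) origin be framed; whether a host allowlist is also needed depends on what the page is meant to embed.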
