
Issue 806909

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: CORS bypass to exfiltrate data.

Reported by sirbradl...@gmail.com, Jan 29 2018

Issue description

VULNERABILITY DETAILS
CORS restrictions do not block the request, only the response. This makes it possible to
exfiltrate data by posting to an external domain.

VERSION
Chrome Version: 64.0.3282.119
Operating System: Linux version 4.14.15-1-zen (builduser@heftig-32600) (gcc version 7.2.1 20180116 (GCC)) #1 ZEN SMP PREEMPT Tue Jan 23 21:49:22 UTC 2018

REPRODUCTION CASE
cors.html - You'll need a server setup to receive the response.
request.log - successful request log

 
Attachment: cors.html (436 bytes)
Components: Blink>SecurityFeature>CORS
Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
This is working as expected. 

CORS is used to relax Same-Origin-Policy. Same-Origin-Policy is a complex topic, but generally does not forbid writing data from one context to another, subject to limitations in the format of that data.

https://blogs.msdn.microsoft.com/ieinternals/2012/04/02/same-origin-policy-part-2-limited-write/
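
The "limitations in the format of that data" mentioned in the reply above correspond to the Fetch standard's rules for when a browser sends a preflight. The following is an added example, not part of the issue report or of Chromium's code, that models a simplified version of that decision; the function names, the `serverAllowsOrigin` flag and the sample requests are constructed for illustration.

```javascript
// Simplified model of the Fetch standard's preflight decision (added example).
// Omitted for brevity: Range header, header value byte/length limits,
// upload listeners and ReadableStream bodies.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Returns true when the browser must send an OPTIONS preflight first.
function needsPreflight({ method = "GET", headers = {} }) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) return true;
    if (lower === "content-type") {
      // Compare only the MIME essence, ignoring parameters such as charset.
      const essence = String(value).split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(essence)) return true;
    }
  }
  return false;
}

// What reaches the network vs. what the calling script can read.
// serverAllowsOrigin (assumption): the server approves this origin in both
// the preflight response and the actual response.
function crossOriginOutcome(request, serverAllowsOrigin) {
  const preflight = needsPreflight(request);
  return {
    preflight,
    // Without a preflight the request is delivered regardless of CORS headers;
    // with one, it is delivered only if the server approves the preflight.
    requestDelivered: !preflight || serverAllowsOrigin,
    responseReadable: serverAllowsOrigin,
  };
}

// Constructed sample requests.
const formLikePost = { method: "POST", headers: { "Content-Type": "text/plain;charset=UTF-8" } };
const jsonPost = { method: "POST", headers: { "Content-Type": "application/json" } };
const customHeader = { method: "GET", headers: { "X-Requested-With": "XMLHttpRequest" } };

for (const r of [formLikePost, jsonPost, customHeader]) {
  console.log(r.method, r.headers, crossOriginOutcome(r, false));
}
```

A server that must not act on cross-origin writes cannot rely on its CORS response headers for the first case; it has to check the request itself.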
