Issue 814601 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 702759
Owner:	----
Closed:	Feb 2018
Cc:	asanka@chromium.org
Components:	Internals>Network>Auth
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug

Security: Denial of service by JavaScript requesting sources that return unauthorized headers

Reported by flole...@googlemail.com, Feb 22 2018

Issue description

VULNERABILITY DETAILS
When using a JavaScript to periodically send requests to a webserver, when the webserver responds with an unauthorized header a denial of service is possible as chrome will open one popup for each request asking for credentials which have to be dismissed by the user individually. This also builds up popups in the background, when the tab is no longer in foreground. After returning to it all popups have to be dismissed in order to use chrome again.

VERSION
Chrome 64.0.3282.137 on Android 8.0

This is my first bug report, please tell me how I can improve in the future.

Comment 1 by elawrence@chromium.org, Feb 22 2018

Components: Internals>Network>Auth
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Mergedinto: 702759
Status: Duplicate (was: Unconfirmed)

Thanks for the report. Chrome does not track Denial-of-Service issues as security vulnerabilities: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

This issue is tracked as Issue 702759.

►

Issue 814601 link

Issue metadata

Security: Denial of service by JavaScript requesting sources that return unauthorized headers

Issue description

Comment 1 by elawrence@chromium.org, Feb 22 2018

Comment 1 Deleted

Sign in to add a comment