Issue 821336 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 81697
Owner:	----
Closed:	Mar 2018
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: XSS on chrome browser

Reported by niraj25...@gmail.com, Mar 13 2018

Issue description



VULNERABILITY DETAILS
XSS vulnerability on the chrome home page. when entering a payload 'javascript:alert(1);' in the search bar as soon as we open chrome and hit enter, we get a javascript popup.

VERSION
Chrome Version:  64.0.3282.186
Operating System: Windows 10 Enterprise

REPRODUCTION CASE
attached is the poc.

xss_poc.pdf
365 KB Download

Comment 1 by est...@chromium.org, Mar 13 2018

Mergedinto: 81697
Status: Duplicate (was: Unconfirmed)

Thanks for the report. This isn't a security bug in Chrome, please see https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Does-entering-JavaScript_URLs-in-the-URL-bar-or-running-script-in-the-developer-tools-mean-there_s-an-XSS-vulnerability for why.

Project Member

Comment 2 by sheriffbot@chromium.org, Jun 20 2018

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 821336 link

Issue metadata

Security: XSS on chrome browser

Issue description

Comment 1 by est...@chromium.org, Mar 13 2018

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Jun 20 2018

Comment 2 Deleted

Sign in to add a comment