
Issue 832195


Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2018
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: reCAPTCHA I'm not a robot Bypass

Reported by grswe...@gmail.com, Apr 12 2018

Issue description


VULNERABILITY DETAILS
Bug lets you bypass the reCAPTCHA "I'm not a robot" test when performing a Google search from the address bar in incognito mode from an IP address that "appear to be in violation of the Terms of Service."

VERSION
Chrome Version: Version 65.0.3325.181 (Official Build) (64-bit)
Operating System: Win 10 Pro Version 1709 OS Build 16299.309

REPRODUCTION CASE
1. Have an IP address that is flagged for "unusual traffic" (in my case I have a shared IP through a small ISP)

2. Open an incognito tab (or an instance that does not have cookies unflagging your browser)

3. Perform a search using the address bar.

At this point you should hit a reCAPTCHA "I'm not a robot" test (photo1)
I'm assuming this is to stop bots but it won't.

4. Perform a search using the address bar again. This time the search will act as normal.



 
photo1.JPG (56.6 KB)
Status: WontFix (was: Unconfirmed)
This does not reflect a security bug in Google Chrome.

Vulnerabilities in non-Chrome sites and services can be reported using the process described here: https://www.google.com/about/appsecurity/reward-program/. However, anti-abuse mechanisms like the CAPTCHA on search are complex (behavior controlled by multiple factors, some of which are non-obvious), and circumvention of anti-abuse mechanisms like this might not be considered a security bug by that team.

Project Member

Comment 2 by sheriffbot@chromium.org, Jul 20

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
