New issue
Advanced search Search tips

Issue 837268 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Apr 2018
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Captcha Bypass

Reported by 552...@cjuhsd.net, Apr 26 2018 
VERSION
Chrome Version: [63.0.3239.140] + [stable]
Operating System: [Chrome OS  63.0.3239.140 Official Build]

If the computer detects odd activity on a network of multiple chromebooks, it gives a captcha to all chromebooks on the network. A bypass can be used by clicking "terms of service" and clicking sign in on the top right. This gives you full internet access without needing to verify you are not a robot. I use chromebooks on a school network which often blocks my peers from using the internet when chrome detects odd activity. INstead of doing the captcha, I clicked the external link of terms of service and signed in.

Comment 1 by elawrence@chromium.org, Apr 26 2018

Status: WontFix (was: Unconfirmed)
This does not reflect a security bug in Google Chrome.

Vulnerabilities in non-Chrome sites and services can be reported using the process described here: https://www.google.com/about/appsecurity/reward-program/, however, anti-abuse mechanisms like the CAPTCHA on search are complex (behavior controlled by multiple factors, some of which are non-obvious), and circumvention of anti-abuse mechanisms like this might not be considered a security bug by that team.
Project Member

Comment 2 by sheriffbot@chromium.org, Aug 3

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment