New issue
Advanced search Search tips

Issue 841030 link

Starred by 3 users
Status: WontFix
Owner: ----
Closed: May 2018
Cc:
ios-bugs@chromium.org
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Sandbox Escape&Information Leak

Reported by faarari...@gmail.com, May 8 2018 
Chrome Version: 66.0.3359.122 stable
Operating System: iOS 11.3.1 iPhoneX

POC video: https://youtu.be/t1aVT25GHTA

Comment 1 by elawrence@chromium.org, May 9 2018 

Can you explain in words what you're attempting to report here? This does not look like a vulnerability in Chrome.

Comment 2 by elawrence@chromium.org, May 9 2018

Labels: OS-iOS
As far as I can tell from the video, this simply concerns the fact that a user can share (via Share>Apple Messages) a document from the phone's filesystem without that document's URL being loadable within Chrome itself. 

This does not seem like a vulnerability.

The video also seems to show that the error message for a document that does not exist is ERR_FILE_NOT_FOUND, while the error message for a document that exists is ERR_FAILED.

This doesn't seem like a vulnerability either, unless the error information were somehow accessible to JavaScript.

Comment 3 by rsesek@chromium.org, May 14 2018

Status: WontFix (was: Unconfirmed)
Project Member

Comment 4 by sheriffbot@chromium.org, Aug 21

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment