Security: Chrome Universal XSS using the hacked google account.
Reported by
ksg97...@gmail.com,
Jun 20 2018
Issue description
Hi, I can't speak English well :(
I will report it again in Korean if you want.
- VULNERABILITY DETAILS
Chrome has a Universal XSS vulnerability in the search engines.
Any JavaScript can be executed by the search engine.
Look at the "POC.mp4".
- VERSION
Chrome Version: Version 67.0.3396.87 (Official Build) (64-bit)
Operating System: ALL OS
I tested it on Windows 10 using the latest Chrome version.
- REPRODUCTION CASE
Look at the "FULL_POC.mp4".
1. Go to "chrome://settings/searchEngines"
2. Remove the default search engine ('google.com' is the default in my case).
3. Add a search engine with the XSS payload.
"""
Search engine : Google
Keyword : google.com
URL with %s in place of query : javascript:alert(document.domain);var _="%s"
↑↑↑ The URL field is important! You can execute any JavaScript code.
"""
4. Make it the default.
5. Search for anything in the URL bar.
- HACKING Scenario
The victim doesn't know Chrome was hacked because the hacker can enter the original code like this: window.location="https://google.com/search?q=%s";
1. The hacker makes a hacked Google account and shares the account's ID and password on any website. The victim logs in with this hacked account and
synchronizes the account settings.
The victim's Chrome browser will be hacked.
2. The hacker sets the exploit code on public computers (many public computers in Internet cafes, schools, etc.).
The hacker can read e-mail when you move from an e-mail site like Gmail.
The hacker can get all of the information on the latest visited site.
As you already know, the hacker can do all of the exploits using JavaScript.
Thank you.
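The reproduction steps above boil down to one tampered setting: a search-engine URL template whose scheme is javascript: instead of http(s). From a defender's side, the useful check is an audit of synced search-engine entries that flags any template whose scheme is not http or https, that names no host, or that lost its %s placeholder. The following is an added example written for this page, not code from Chromium or from the reporter; the entry layout (name, keyword, url) and the sample list are constructed for illustration, and only the rejected template is taken from the report.

```python
from urllib.parse import urlsplit

# Only web schemes are acceptable for a search-engine template.
ALLOWED_SCHEMES = {"http", "https"}


def check_search_template(template: str):
    """Return (ok, reason) for a search-engine URL template.

    A safe template uses http or https, names a host, and keeps the
    %s query placeholder. Anything else (javascript:, data:, no scheme,
    no host) is reported with the reason it failed.
    """
    t = template.strip()
    if "%s" not in t:
        return False, "missing %s query placeholder"
    parts = urlsplit(t)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"disallowed scheme {scheme or '(none)'!r}"
    if not parts.hostname:
        return False, "no host in template"
    return True, "ok"


def audit_search_engines(engines):
    """Run check_search_template over a list of entries.

    Each entry is a dict with 'name', 'keyword' and 'url' (assumed layout,
    not Chrome's own storage format). Returns one finding per failing entry.
    """
    findings = []
    for entry in engines:
        ok, reason = check_search_template(entry["url"])
        if not ok:
            findings.append(
                {"name": entry["name"], "keyword": entry["keyword"], "reason": reason}
            )
    return findings


# Constructed sample: two normal engines plus the tampered entry from the report.
SAMPLE_ENGINES = [
    {"name": "Google", "keyword": "google.com",
     "url": "https://www.google.com/search?q=%s"},
    {"name": "Google", "keyword": "google.com",
     "url": 'javascript:alert(document.domain);var _="%s"'},
    {"name": "DuckDuckGo", "keyword": "ddg",
     "url": "https://duckduckgo.com/?q=%s"},
]

if __name__ == "__main__":
    for finding in audit_search_engines(SAMPLE_ENGINES):
        print(f"tampered search engine {finding['name']!r} "
              f"({finding['keyword']}): {finding['reason']}")
```

The scheme comparison is done on the lower-cased value so a mixed-case `JavaScript:` prefix is caught as well, and the host check rejects templates such as `google.com/search?q=%s` that carry no scheme at all rather than guessing what a browser would do with them.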
Jun 21 2018
Hi, thanks for the report. Unfortunately we don't consider this to be a vulnerability, as if an attacker has compromised your account or if you're using a public computer, all bets are off. Please see https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#why-arent-compromised_infected-machines-in-chromes-threat-model
Jun 21 2018
Thank you for your comment.
Sep 27
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 Deleted