Issue 859301

Issue metadata

Status: Duplicate
Merged: issue 859302
Owner: ----
Closed: Jul 2
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Clickjacking In Chrome Version 67.0.3396.99 (Official Build) (64-bit) Windows

Reported by vishnupr...@gmail.com, Jun 30 2018

Issue description

Title

Clickjacking In Chrome Version 67.0.3396.99 (Official Build) (64-bit) Windows

Vuln Type

Clickjacking


Description
===
The Chrome Version 67.0.3396.99 (Official Build) (64-bit) for Windows allows iframing of Facebook, Google.com, etc. web pages.

Impact
===

Any attacker can perform or trick the victim to harm the account.

Repro steps

Setup
===
Chrome Version 67.0.3396.99 (Official Build) (64-bit) on Windows

Steps
===

1. Install Chrome Version 67.0.3396.99 (Official Build) (64-bit) on Windows 10

2. Run HTML code like below

--------------------------

<!DOCTYPE html>
<html>
<head>
<title>CJ</title>

</head>
<body>
<iframe src="https://mbasic.facebook.com/" width="1000" height="1000"></iframe>
</body>

</html>

--------------------------

The page loaded inside the iframe.



POC Link-- https://goo.gl/CK5m1n

I have tested it multiple times.


Some sites are not loading.
But www.facebook.com and mail.google.com have a prevention against it.

Thanks,
Vishnu
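
Added example, not part of the original report or of Chromium's code: whether a response renders inside a cross-origin iframe is decided by the framing headers the framed site sends (`X-Frame-Options`, or the `frame-ancestors` directive of `Content-Security-Policy`), which is why some sites load in a test page like the one above and others do not. The function names, origins and sample header sets are constructed for illustration and are not the real headers of any site named in the report.

```javascript
// Added example: header names/values are standard; functions and samples are constructed.

function frameAncestors(csp) {
  // Source list of the first frame-ancestors directive, or null if absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceMatches(source, embedder, target) {
  // Subset of CSP source syntax: 'self', *, scheme://host, scheme://*.host.
  // Anything else (including 'none') is treated as non-matching.
  const s = source.toLowerCase();
  if (s === "'self'") return embedder === target;
  if (s === "*") return true;
  const m = s.match(/^(https?:)\/\/\*\.([^:\/]+)$/);
  if (!m) return s === embedder;
  const u = new URL(embedder);
  return u.protocol === m[1] && u.port === "" && u.hostname.endsWith("." + m[2]);
}

function framingDecision(headers, embedder, target) {
  // Models one embedder page directly framing one target response.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const ancestors = frameAncestors(h["content-security-policy"]);
  if (ancestors !== null) {
    // Per the CSP spec, frame-ancestors is enforced instead of X-Frame-Options.
    const ok = ancestors.some((src) => sourceMatches(src, embedder, target));
    return { framed: ok, decidedBy: "frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { framed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN") return { framed: embedder === target, decidedBy: "x-frame-options" };
  // No header, or a value the browser does not enforce (e.g. ALLOW-FROM in Chrome).
  return { framed: true, decidedBy: "none" };
}

// Constructed responses, evaluated for a cross-origin embedder.
const EMBEDDER = "https://poc.example", TARGET = "https://site.example";
const SAMPLES = {
  "no policy": {},
  "XFO deny": { "X-Frame-Options": "DENY" },
  "CSP self": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
};
for (const [label, hdrs] of Object.entries(SAMPLES)) {
  console.log(label, framingDecision(hdrs, EMBEDDER, TARGET));
}
```

A site that wants to refuse framing sends one of these headers on every response that carries sensitive UI; a response with neither header is framed by any page that embeds it.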
 
Mergedinto: 859302
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 9

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
