Security: Clickjacking In Chrome Version 67.0.3396.99 (Official Build) (64-bit) Windows
Reported by vishnupr...@gmail.com, Jun 30 2018
Issue description

Title
Clickjacking In Chrome Version 67.0.3396.99 (Official Build) (64-bit) Windows

Vuln Type
Clickjacking

Description
===
The Chrome Version 67.0.3396.99 (Official Build) (64-bit) for Windows allows iframing of Facebook, Google.com, etc. web pages.

Impact
===
Any attacker can perform or trick victim to harm account

Repro steps

Setup
===
Chrome Version 67.0.3396.99 (Official Build) (64-bit) in Windows

Steps
===
1. Install Chrome Version 67.0.3396.99 (Official Build) (64-bit) in Windows 10
2. Run HTML code like below
--------------------------
<!DOCTYPE html>
<html>
<head>
  <title>CJ</title>
</head>
<body>
  <iframe src="https://mbasic.facebook.com/" width="1000" height="1000"></iframe>
</body>
</html>
--------------------------
The page loaded inside the iframe.

POC Link-- https://goo.gl/CK5m1n

I have tested it multiple times. Some sites are not loading. But www.facebook.com and mail.google.com have a prevention against it.

Thanks,
Vishnu
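Whether a page renders inside an iframe is decided per response by the framed site's `X-Frame-Options` header and the `frame-ancestors` directive of its `Content-Security-Policy` header. The following is an added example, not part of the report or of Chromium's code, that evaluates those headers for one embedding origin; the function names, origins and sample headers are hypothetical, and the simplifications are listed in the first comment.

```javascript
// Added example. Simplifications (assumptions): one direct parent frame, a
// single X-Frame-Options value, no wildcard-host or scheme-only CSP sources,
// header names already lower-cased, origins given as scheme://host[:port].
function frameAncestorsSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // this policy has no frame-ancestors directive
}

function sourceAllows(source, parentOrigin, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'") return parentOrigin === selfOrigin;
  return s === parentOrigin; // exact origin match only (see assumptions)
}

// True when the response may render in a frame embedded by parentOrigin.
function canBeFramed(headers, parentOrigin, selfOrigin) {
  const csp = headers['content-security-policy'] || '';
  const lists = csp.split(',').map(frameAncestorsSources)
    .filter((list) => list !== null);
  if (lists.length > 0) {
    // An enforced frame-ancestors directive takes precedence over
    // X-Frame-Options; every delivered policy must allow the parent.
    return lists.every((sources) =>
      sources.some((src) => sourceAllows(src, parentOrigin, selfOrigin)));
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return parentOrigin === selfOrigin;
  return true; // header absent or unrecognised: framing is not restricted
}

// Constructed sample responses, not captured from any real site.
const SAMPLES = {
  'no anti-framing header': {},
  'X-Frame-Options: DENY': { 'x-frame-options': 'DENY' },
  'CSP frame-ancestors self': {
    'content-security-policy': "default-src 'self'; frame-ancestors 'self'" },
};
for (const [label, headers] of Object.entries(SAMPLES)) {
  const ok = canBeFramed(headers, 'https://embedder.example', 'https://site.example');
  console.log(`${label}: ${ok ? 'renders in the frame' : 'blocked'}`);
}
```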
Oct 9
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by infe...@chromium.org, Jul 2
Status: Duplicate (was: Unconfirmed)