Security: Clickjacking In Chrome Version 67.0.3396.99 (Official Build) (64-bit) Windows
Reported by
vishnupr...@gmail.com,
Jun 30 2018
Issue description

Title
Clickjacking In Chrome Version 67.0.3396.99 (Official Build) (64-bit) Windows

Vuln Type
Clickjacking

Description
===
Chrome Version 67.0.3396.99 (Official Build) (64-bit) for Windows allows iframing of Facebook, Google.com, etc. web pages.

Impact
===
Any attacker can perform or trick victim to harm account

Repro steps

Setup
===
Chrome Version 67.0.3396.99 (Official Build) (64-bit) in Windows

Steps
===
1. Install Chrome Version 67.0.3396.99 (Official Build) (64-bit) in Windows 10
2. Run HTML code like below
--------------------------
<!DOCTYPE html>
<html>
<head>
<title>CJ</title>
</head>
<body>
<iframe src="https://mbasic.facebook.com/" width="1000" height="1000"></iframe>
</body>
</html>
--------------------------
The page loaded inside the iframe.

POC Link-- https://goo.gl/CK5m1n

I have tested it multiple times. Some sites are not loading. But www.facebook.com and mail.google.com have a prevention against it.

Thanks,
Vishnu
Jul 2
Unclear description, PoC not usable and hence bug not actionable. Please provide clear description of the problem and a reduced testcase for reproduction.
Jul 2
Issue 859301 has been merged into this issue.
Jul 2
Hi, I was able to do this via https://chrome.google.com/webstore/detail/ip-whois-flags-chrome-web/kmdfbacgombndnllogoijhnggalgmkon?hl=en this add-on. I found it on later checking. Using this add-on, all websites load in an iframe, including Google. 69000+ users are using this add-on.

Thank you,
Vishnu
Oct 9
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by vishnupr...@gmail.com, Jul 1