
Issue 859306


Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 2
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug




Security: blob creates unwanted RTCP connection with help of shadow roots.

Reported by itsjusta...@gmail.com, Jun 30 2018

Issue description

VULNERABILITY DETAILS
To be perfectly honest, I do not understand what this script really does. All I understand is that a blob file creates an RTCP connection with the help of shadow roots. However, I have no doubt it is malicious and exploits several features of the web platform and Chromium. That's why I thought it would be the right thing to report it here.

VERSION
Chrome Version: [68.0.3440.42] + [beta] + [64bit]
Operating System: [Windows, 7 Home Premium, service pack level 1]

The following blob is inserted after user interaction (click) on an element: blob:https://hdeuropix.cc/643f25fd-f102-4af4-b0af-9b314917ec73

See the attached blob file for details of the exploit.
 
Attachment: blobhttpshdeuropix.cc643f25fd-f102-4af4-b0af-9b314917ec73 (10.2 KB)
Attachment: chrome security bug.jpg (479 KB)

Cc: phoglund@chromium.org
Components: Blink>WebRTC
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
I don't see how this is a security vulnerability. Please provide a more detailed explanation of why you think that is the case.
