Issue metadata
Sign in to add a comment
|
Security: Easily exploitable social engineering in chrome browser
Reported by
mansvans...@gmail.com,
Jul 2
|
||||||||||||||||||
Issue descriptionHello Google, Im sorry to say that this isnt a real bug but its still a security issue that could easily be fixed. The issue is that when you go to developer tools > network and copy a request you dont get a warning box in the trend of "Dont send the copied request to anyone you dont trust since this could be used to steal your account information on that site.". It is very easy to get someone to send you this info (which includes the cookies sent with that request) with some social engineering. It becomes even easier when someone is screensharing and you let them click on the network and then click on a request and you make a screenshot of the cookie or other sensitive data. I know this requires social engineering but its very easy to exploit and could easily be fixed by popping up a warning box when clicking the network area and when copying a request. Regards, Mans van Someren Email: mansvansomeren1@gmail.com
,
Jul 3
You dont have to send a screenshot you can just tell them to click copy request and then send what they copied to you. But ok.
,
Oct 9
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by infe...@chromium.org
, Jul 2