
Issue 861785


Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 9
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: XSS in Chrome Browser

Reported by deepanja...@gmail.com, Jul 9

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

VULNERABILITY DETAILS

I am able to inject XSS scripts in the URL bar of Google Chrome and access sensitive information like cookies which are present for that domain. Screenshots are in the attached file.

VERSION

Chrome Version: Version 67.0.3396.99 (Official Build) (64-bit)
Operating System: Windows 10 Enterprise Edition

REPRODUCTION CASE

Open the Chrome browser, log in to any of your personal accounts by entering your credentials, remove the existing URL from the URL bar and enter the below JavaScript:

 -   javascript:alert(document.cookie)

Chrome is displaying the cookie of the logged in user.
 
Attachment: XSS_inChrome.docx (1.2 MB)
Status: WontFix (was: Unconfirmed)
Thanks for the report.

The ability to run javascript: URLs is a feature that is, among other things, used to enable bookmarklets.

We don't consider this a security vulnerability because the attacker has to be able to access your logged in account on your computer in order to perform such an action. A more detailed description of physically local attacks is provided in the Chrome Security FAQ, https://chromium.googlesource.com/chromium/src/+/lkgr/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model.
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 16

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Hi,

Can you please elaborate more on this comment, whether it is
actually a security issue or not?
"This bug has been closed for more than 14 weeks." - based on this comment,
I just wanted to know if it was actually an issue and fixed before.

Thanks and Regards
Deepanjan Pal.
