Issue metadata
Sign in to add a comment
|
Security:Google Chrome Make Full Conenction To Web Site While Type It In Address Bar Without Submit/Browse/Send It
Reported by
kobi19...@gmail.com,
Aug 2
|
||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com /chromium/src/+/master/docs/security/faq.md Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs NOTE: Security bugs are normally made public once a fix has been widely deployed. VULNERABILITY DETAILS When USER Only Type The Web Site He Wish To Browse Through Google Chrome Address Bar Without Send It Or Submit It(as "ENTER" Key) Its Already Makes a Full Connection With The Web-Site Server TCP 3 Way Handshake+ DATA Transfer: 1.Its Sends An Dns Query To Find The Web Site Ip Address 2.Its Start With Fully TCP 3 Way Handshake Connection With The Web Site Server 3.Its Send An HTTP (In That Case) Request To Get The Main Page From The Web Site Server 4.The Client Gets Response OK Succeed From The Web Site Server With The Page HTML The User Not See It Or Observer It At Google Chrome Windows,Meaning Its Succeed To Transfer Data And Make Full Connection With The Server Without The User Permission Or Request. Hackers Can Exploit It And Make Their Life Easier There Is No Need With User Interaction To "Run"/"Submit" The Url In Order To "Activate" It Only There Is a Need To Copy The Malicious Address Into The Address Bar. Additional Sometimes Users Copy URL Web Site/IP Address To The URL Address Bar Without Meaning To Browse It Only Matter For Checking Through Blacklist Services It Can Be Exploit Without The User Interaction And Transffer Malware/Virus/Malicious software To User Server/User Computer. Hackers Can Attack Servers With DOS/DDOS Attack Through The Google Chrome Address Bar VERSION Chrome Version: [67.0.3396.99] + [stable] Operating System: [Windows 8 Pro 64 bit] REPRODUCTION CASE Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: [tab, browser, etc.] Crash State: [see link above: stack trace *with symbols*, registers, exception record] Client ID (if relevant): [see link above]
,
Aug 3
thx i will explain in separate message. what a about user permission, this kind of method can harm the user when he didnt expect to ask a full connection with the specific server additional if he copy and paste "bad" ip address/url to address bar without know that google chrome will make full connection with the server(He Cannot See The Connection Through The Browser) and without meaning to browse open that url it can exploit user unaware to that preload feature. you need to warn the user regarding to that preload feature. thx
,
Nov 9
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Aug 2Status: WontFix (was: Unconfirmed)