Less authentication on using malicious links for URL redirection
Reported by
rajat.gu...@gmail.com,
Aug 7
Issue description

VULNERABILITY NAME: Less authentication on malicious URL redirection URLs

VULNERABILITY DETAILS: If someone visits https://www.google.com or any other website and appends '@facebook.com' or any URL after '@', the user is directly redirected to that website without any confirmation from the user.

VERSION: Chrome Version: 67.0.3396.99 (Official Build) (64-bit)
Operating System: Windows 10 Professional

REPRODUCTION CASE:
1. Visit any URL like this: https://www.google.com@facebook.com
2. It will redirect the user to facebook.com

POC: video attached

Suggested Patch: This URL 'https://www.google.com@facebook.com' is actually making an authentication request to facebook.com using https://google.com as the username. So a confirmation should pop up to the user every time they visit a URL like this, saying: 'You are about to visit facebook.com using https://google.com as the username. This may be an attempt to trick YOU. Do you really want to visit facebook.com?' This can prevent users from visiting malicious websites that they don't intend to visit.
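The report hinges on how a standards-compliant URL parser splits `https://www.google.com@facebook.com`: everything before `@` is the userinfo and the real host is `facebook.com`. The following is an added example, not code from the report or from Chromium, that uses the WHATWG `URL` class to show that split and to flag userinfo that reads like a hostname, the kind of check a link scanner or mail filter could apply; the sample URLs are constructed.

```javascript
// Added example: parse URLs the way a WHATWG-compliant browser does and flag
// userinfo that looks like a domain name placed in front of the real host.

function analyzeUrl(raw) {
  // URL() implements the WHATWG URL Standard (the parser Chrome follows).
  let u;
  try {
    u = new URL(raw);
  } catch (e) {
    return { valid: false, raw };
  }
  // Decode so an encoded "/" (%2F) hiding a fake path inside the userinfo
  // is still visible to the check below.
  const username = decodeURIComponent(u.username);
  // Userinfo that begins with dot-separated labels reads like a hostname,
  // e.g. "www.google.com" in front of the actual host "facebook.com".
  const looksLikeHost = /^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(username);
  return {
    valid: true,
    raw,
    host: u.hostname,                  // where the request actually goes
    username,                          // what precedes "@" in the authority
    hasPassword: u.password.length > 0,
    deceptiveUserinfo: looksLikeHost && username !== u.hostname,
  };
}

// Constructed sample URLs, not taken from live traffic.
const SAMPLES = [
  "https://www.google.com@facebook.com",
  "https://www.google.com",
  "https://user:secret@example.com/login",
  "https://www.google.com%2Faccounts@facebook.com/",
];

function summarize(urls) {
  return urls.map(analyzeUrl).map((r) =>
    r.valid
      ? `${r.raw} -> host=${r.host} user=${JSON.stringify(r.username)} deceptive=${r.deceptiveUserinfo}`
      : `${r.raw} -> invalid`
  );
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(summarize(SAMPLES).join("\n"));
}
```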
Aug 8
I am aware that this works as intended in Chrome. But ideally it should get a confirmation from the user instead of directly redirecting them to any malicious site, and that is what I'm proposing.
Comment 1 by jialiul@chromium.org, Aug 7
Status: WontFix (was: Unconfirmed)