Security: Iframe Breaker with Redirect
Reported by tirasoft...@gmail.com, Aug 26
Issue description
I've found a way to redirect to any URL from a web page (for example, from an iframe). "Redirect blocked" does not appear in the URL field of the browser.
VERSION
Chrome Version: Version 68.0.3440.106 (Official Build) (64-bit)
Operating System: Windows 10
Example:
File #1: open-iframe.html
<iframe src="iframe-breaker.html"></iframe>
File #2: iframe-breaker.html
<script>
function myFunction() {
self.top.location.href = "https://www.yahoo.com/";
}
if ((self.parent && !(self.parent === self)) && (self.parent.frames.length != 0)){
window.onclick = myFunction;
myFunction();
document.getElementById('elementID').click();
}
</script>
Best regards,
Pavel Voronov
admin@tirasoft.com
,
Aug 27
,
Aug 27
This is WAI, our redirect blocking only works for cross origin iframes. I wrote up an example here, where we have an iframe to https://cr.kungfoo.net/bugs/framebust/iframe-breaker.html.
http://cr.kungfoo.net/bugs/framebust/open-iframe.html --> This should trigger the blocker because we are cross origin to the parent.
https://cr.kungfoo.net/bugs/framebust/open-iframe.html --> This should go through because we are same origin to the parent.
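The same-origin versus cross-origin distinction drawn in the comment above, as an added example that is not part of the original thread and is not Chromium code. The function names and outcome labels are hypothetical, and the user-gesture exemption for cross-origin frames is an assumption not stated in the thread.

```javascript
// Added example, not Chromium code. Function names and outcome labels are hypothetical.

// Origin (scheme, host, port) of an http(s) URL. URL.origin drops default ports,
// so https://host:443 and https://host compare equal.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error(`only http(s) URLs are modelled here: ${url}`);
  }
  return u.origin;
}

// Resolve the iframe src against the embedding page, as the browser does for
// <iframe src="iframe-breaker.html">, then compare origins.
function isCrossOriginFrame(parentUrl, iframeSrc) {
  const frameUrl = new URL(iframeSrc, parentUrl).href;
  return originOf(frameUrl) !== originOf(parentUrl);
}

// Expected result of a script-initiated top.location change made by the frame.
// Assumption (not stated in the thread): a user gesture inside a cross-origin
// frame lifts the block.
function topRedirectOutcome(parentUrl, iframeSrc, userActivated = false) {
  if (!isCrossOriginFrame(parentUrl, iframeSrc)) return "allowed (same origin)";
  return userActivated ? "allowed (user gesture)" : "blocked (cross origin)";
}

// The framed document and the two parent pages from the comment.
const FRAME = "https://cr.kungfoo.net/bugs/framebust/iframe-breaker.html";
const PARENTS = [
  "http://cr.kungfoo.net/bugs/framebust/open-iframe.html",
  "https://cr.kungfoo.net/bugs/framebust/open-iframe.html",
];

function auditParents() {
  return PARENTS.map((p) => ({ parent: p, outcome: topRedirectOutcome(p, FRAME) }));
}

for (const { parent, outcome } of auditParents()) {
  console.log(`${parent} -> ${outcome}`);
}
```

The two parent pages differ only in scheme, which is enough to make the http:// page cross-origin to the https:// frame. A relative src such as the one in the report always resolves to the parent's own origin.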
,
Aug 27
japhet FYI
,
Dec 4
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by vakh@chromium.org, Aug 27
Labels: -Type-Bug-Security OS-Chrome OS-Linux OS-Mac OS-Windows Type-Bug
Status: Assigned (was: Unconfirmed)