Issue 879826 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Sep 1
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Show other hotlists

Hotlists containing this issue:
Hotlist-1

Security: Google Chrome UXSS

Reported by hackyzh...@gmail.com, Sep 1

Issue description



chrome Version 68.0.3440.106 (Official Build) (64-bit)

mac os x 10.13.6


1. first input domain www.google.com
2.then input payload javascript:alert(document.cookie)
3. UXSS alert

Because I am not familiar with javascript,I can't write a good POC.
In the future, I will continue to study and develop a good UXSS.Now I am tring to develop it. 


for more information,please look the video.

UXSS.mp4
22.2 MB Download

	UXSS.jpg 605 KB View Download

Comment 1 by tsepez@chromium.org, Sep 1

Status: WontFix (was: Unconfirmed)

NO, this is not an XSS.  See https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Does-entering-JavaScript_URLs-in-the-URL-bar-or-running-script-in-the-developer-tools-mean-there_s-an-XSS-vulnerability

Comment 2 by hackyzh...@gmail.com, Sep 1

But It happen in other domain,is that not an XSS?

Comment 3 by tsepez@chromium.org, Sep 4

Nope.

Project Member

Comment 4 by sheriffbot@chromium.org, Dec 9

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 879826 link

Issue metadata

Security: Google Chrome UXSS

Issue description

Comment 1 by tsepez@chromium.org, Sep 1

Comment 1 Deleted

Comment 2 by hackyzh...@gmail.com, Sep 1

Comment 2 Deleted

Comment 3 by tsepez@chromium.org, Sep 4

Comment 3 Deleted

Comment 4 by sheriffbot@chromium.org, Dec 9

Comment 4 Deleted

Sign in to add a comment