
Issue 888268

Issue metadata

Status: Fixed
Owner: ----
Closed: Oct 9
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security

Security: Open restriction url by google optimize

Reported by ma7h1a...@gmail.com, Sep 22

Issue description

VULNERABILITY DETAILS

Google Optimize: https://chrome.google.com/webstore/detail/google-optimize/bhdplaindhdkiflmbfbciehdccfhegci

Then visit:

https://optimize.google.com/optimize/sharepreview/?id=1&gtm_experiment=1&url=javascript:alert(1)&opt_experiment_name=1&opt_variation_name=1&container_name=1

An attacker could control the param for tabs.create and redirect to any restricted scheme like chrome://, file://

similar issue:

issue 654279 and issue 836858

VERSION
Chrome Version: 69
Operating System: Windows 7

Cc: mbarbella@google.com asawarimalik@google.com
Labels: Security_Severity-Low Security_Impact-None
This is a bit of an unusual case since it's in a google-managed extension rather than chrome itself. 

asawarimalik: Are you able to take a look at this or happen to know who would be able to fix an issue with the extension? Ideally we'd want to whitelist the URL so that only a valid one can be accessed, or at least the scheme if they're expected to be arbitrary.
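
One way to implement the scheme allowlist suggested in the comment above, as an added example that is not part of the original thread and not the extension's own code. `ALLOWED_SCHEMES`, `parsePreviewTarget`, `targetFromShareLink`, `openPreview` and the stub tabs object are assumptions; the stub stands in for `chrome.tabs`.

```javascript
// Added example. All names below are assumptions, not the extension's code.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Return a normalized URL string if rawUrl is absolute and uses an allowed
// scheme, otherwise null.
function parsePreviewTarget(rawUrl) {
  if (typeof rawUrl !== "string") return null;
  let parsed;
  try {
    // No base URL is given, so relative and scheme-less input throws.
    // The parser also strips leading whitespace and embedded tabs/newlines,
    // so the scheme is checked in the same form the browser would act on.
    parsed = new URL(rawUrl);
  } catch (err) {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  return parsed.href; // hand on the parsed form, never the raw string
}

// Extract and validate the "url" query parameter of a share-preview link.
function targetFromShareLink(shareLink) {
  let link;
  try {
    link = new URL(shareLink);
  } catch (err) {
    return null;
  }
  return parsePreviewTarget(link.searchParams.get("url"));
}

// tabsApi stands in for chrome.tabs so the check runs outside a browser.
function openPreview(shareLink, tabsApi) {
  const url = targetFromShareLink(shareLink);
  if (url === null) return false; // refuse instead of opening a fallback
  tabsApi.create({ url });
  return true;
}

// Constructed sample targets: the schemes named in the report plus one valid URL.
const BASE = "https://optimize.google.com/optimize/sharepreview/?id=1&url=";
const opened = [];
const stubTabs = { create: (props) => opened.push(props.url) };
for (const target of ["javascript:alert(1)", "chrome://settings",
                      "file:///C:/", "https://example.com/landing"]) {
  const ok = openPreview(BASE + encodeURIComponent(target), stubTabs);
  console.log(target, "->", ok ? "opened" : "blocked");
}
```

If the preview targets are expected to come from a known set of sites, the same function is the place to add a host comparison against `parsed.hostname`.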
Cc: ddimitrop@google.com
Status: Fixed (was: Unconfirmed)
Project Member

Comment 5 by sheriffbot@chromium.org, Oct 11

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: reward-topanel
Project Member

Comment 7 by sheriffbot@chromium.org, Jan 16 (6 days ago)

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
