Issue metadata
Sign in to add a comment
|
Security: Open restriction url by google optimize
Reported by
ma7h1a...@gmail.com,
Sep 22
|
||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS google optimize https://chrome.google.com/webstore/detail/google-optimize/bhdplaindhdkiflmbfbciehdccfhegci then visit: https://optimize.google.com/optimize/sharepreview/?id=1>m_experiment=1&url=javascript:alert(1)&opt_experiment_name=1&opt_variation_name=1&container_name=1 attacker could control the param for tabs.create. redirect to any restriction scheme like chrome:// , file:// similar issue: issue 654279 and issue 836858 VERSION Chrome Version: 69 Operating System: windows 7
,
Sep 25
This is a bit of an unusual case since it's in a google-managed extension rather than chrome itself. asawarimalik: Are you able to take a look at this or happen to know who would be able to fix an issue with the extension? Ideally we'd want to whitelist the URL so that only a valid one can be accessed, or at least the scheme if they're expected to be arbitrary.
,
Sep 28
,
Oct 9
,
Oct 11
,
Nov 12
,
Jan 16
(6 days ago)
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by ma7h1a...@gmail.com
, Sep 22