
Issue 901829

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Nov 5
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, iOS, Chrome, Mac, Fuchsia
Pri: ----
Type: Bug




Security: The possibility of creating multiple bookmark folders with the same name

Reported by vinadey...@gmail.com, Nov 5

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug:
https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

Reports may be eligible for reward payments under the Chrome VRP:
http://g.co/ChromeBugRewards

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

-------------------------

VULNERABILITY DETAILS
I was able to create multiple bookmark folders with the same folder name. I believe each bookmark folder should have a unique name and duplicate names should not be allowed.
The possibility of creating multiple bookmark folders with the same name makes it possible for an attacker to create a new folder with the same name and add a malicious web address to the folder.

VERSION
Chrome Version: 70.0.3538.77 + (Official Build) (64-bit)
Operating System: Windows 10, Win64; x64

REPRODUCTION CASE

I was able to create multiple bookmark folders with the same folder name. I believe each bookmark folder should have a unique name and duplicate names should not be allowed.
The possibility of creating multiple bookmark folders with the same name makes it possible for an attacker to create a new folder with the same name and add a malicious web address to the folder.



CREDIT INFORMATION
Externally reported security bugs may appear in Chrome release notes. If
this bug is included, how would you like to be credited?
Reporter credit: Vincent Adeyemi

 
Attachment: multiplebookmarkerror.png (9.7 KB)
Components: UI>Browser>Bookmarks
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam OS-Android OS-Chrome OS-Fuchsia OS-iOS OS-Linux OS-Mac OS-Windows Type-Bug
The attacker would have to be someone physically present at the computer, right? We do not (because we cannot; no software can) claim to defend against the computer's operator. Please see the Chrome Security FAQ: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model

However, the bookmarks team might (or might not) consider this a functional bug.
Status: WontFix (was: Unconfirmed)
The most common usage of this is folks that have a bunch of folders with no names, instead keying off visual placement.
