Archive for avril 2011

[CVE-2011-1452] URL bar spoof with redirect and manual reload / URL Bar Spoofing using redirection and location.reload()


Issue: URL bar spoof with redirect and manual reload / URL Bar Spoofing using redirect and location.reload()


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1452


UPDATE Link: http://googlechromereleases.blogspot.fr/2011/04/chrome-stable-update.html


Issue 77786 https://code.google.com/p/chromium/issues/detail?id=77786


Announced: April 27, 2011
Reporter: Security researcher Jordi Chancel
Impact: Moderate
Products: Google Chrome
Fixed in: Google Chrome 11.0.696.57


Description

Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.

Report Description

Click on the button , when you see twitter.com on title of tab , open a new tab , look to the previous tab , the URL Bar show Twitter.com with the previous content.


  • Vidéo de démonstration :


  • Image de démonstration de la même vulnérabilité permettant aussi le spoofing de l’indicateur de connexion sécurisé (SSL/TLS Spoofing) :


-Security Researcher Jordi Chancel