[CVE-2011-3875] URL bar spoof with drag+drop of URLs

Title: Google Chrome location bar spoofing using a very long string in a web address in the location bar / URL bar spoof with drag+drop of URLs

CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3875

Author: Security researcher Jordi Chancel

UPDATE Link: http://googlechromereleases.blogspot.fr/2011/10/chrome-stable-release.html


Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

  • Demonstration video:

Example video: Google Chrome URL Spoofing Vulnerability using Drag & Drop (the user tries to drag and drop selected text into the location bar in order to search Google for the selected words).

-Security Researcher Jordi Chancel