Articles récents


[CVE-2011-3875] URL bar spoof with drag+drop of URLs

Titre: Google Chrome Location Bar Spoofing using very long string on a web address in the location bar./URL bar spoof with drag+drop of URLs


Author: Security researcher Jordi Chancel



Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

  • Vidéo de démonstration :

Vidéo Exemple : Google Chrome URL Spoofing Vulnerability using Drag & Drop (User try to drag & drop a selected text into the Location Bar for use Google to search these selected words).

-Security Researcher Jordi Chancel