[CVE-2011-2848] URL bar spoof with forward button / Possible URL Bar Spoofing when history.forward() is ignored using forward button


Issue: URL bar spoof with forward button / Possible URL Bar Spoofing when history.forward() is ignored using forward button


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2848


UPDATE Link: http://googlechromereleases.blogspot.fr/2011/09/stable-channel-update_16.html


Issue 89564 http://code.google.com/p/chromium/issues/detail?id=89564


Announced: September 16, 2011
Reporter: Security researcher Jordi Chancel
Impact: Moderate
Products: Google Chrome
Fixed in: Google Chrome 14.0.835.163


Description

Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.

Report Description

In some cases,after some window.location=’attacker’ that are used, history.forward() can be ignored.
If the user goes forward on google chrome manually,opens and closes a new tab, Location bar is spoofed


  • Vidéo de démonstration :


-Security Researcher Jordi Chancel

Comments are closed.