Change theme
Help
Press space for more information.
Show links for this issue (Shortcut: i, l)
Copy issue ID
Previous Issue (Shortcut: k)
Next Issue (Shortcut: j)
Sign in to use full features.
Vote: I am impacted
Notification menu
Refresh (Shortcut: Shift+r)
Go home (Shortcut: u)
Pending code changes (auto-populated)
[ID: 1223031]
UI>Browser>Mobile>Settings
Supplemental component tags only. Set main component first. [ID: 1222907]
[ID: 1223136]
Design doc to be reviewed. [ID: 1223032]
[ID: 1223087]
[ID: 1223134]
Milestone(s) impacted by this issue. [ID: 1223085]
[ID: 1223084]
[ID: 1223086]
[ID: 1223034]
Link to incidents in IRM as a result of this ticket. [ID: 1300460]
[ID: 1223088]
This field contains Gerrit urls of code changes that ‘fix’ a security bug (i.e., excluding logging/cleanup commits) and is used when a singular fix cannot be uniquely identified from the existing “Code Changes” field. The change can be in the chromium repo or any other third_party repo. [ID: 1358989]
UI
UI>Browser
UI>Browser>Mobile
[ID: 1253656]
View issue level access limits(Press Alt + Right arrow for more information)
Attachment actions
Unintended behavior
View staffing
Estimated effort
Description
Report description
Lockdown mode security UI spoofing
Bug location
Where do you want to report your vulnerability?
Chrome VRP – Report security issues affecting the Chrome browser.
The problem
Please describe the technical details of the vulnerability
On Chrome for iOS, if you access Settings > Privacy and security, it incorrectly shows that lockdown mode is currently disabled even when it’s enabled, creating a false security expectation.
Only if you tap on it then it will correctly display the current status of the feature.
Please briefly explain who can exploit the vulnerability, and what they gain when doing so
Security ui spoofing
The cause
What version of Chrome have you found the security issue in?
134.0.6998.33 for iOS
Is the security issue related to a crash?
No, it is not related to a crash.
Choose the type of vulnerability
Security UI Spoofing
How would you like to be publicly acknowledged for your report?
Don’t acknowledge