Status Update
Comments
es...@chromium.org <es...@chromium.org> #2
Project: platform/frameworks/support
Branch: androidx-main
Author: Radha Nakade <
Link:
Migrate traffic from pixel2 to mediumphone on FTL emulators.
Migrate traffic from pixel2 to mediumphone on FTL emulators.
Bug: 396715333
Test: ./gradlew emoji2:emoji2-emojipicker:ftlmediumphoneapi33
Change-Id: If5555443ca1a91479128e1bd6f4f909154c40ba2
Files:
- M
buildSrc/private/src/main/kotlin/androidx/build/FtlRunner.kt
Hash: c76f8094154101867327912e659ae47509755957
Date: Wed Feb 26 11:27:46 2025
kh...@gmail.com <kh...@gmail.com> #3
Thank you for your response.
🔴 The severity of this issue depends on the context:
- High Severity (Security Risk) – If JavaScript is executing without user interaction on a potentially malicious site, it could indicate XSS (Cross-Site Scripting) or browser exploitation. This could lead to unauthorized data access or malware execution.
- Medium Severity (Privacy Concern) – If a site is executing JavaScript without explicit user permission, it might be tracking behavior, logging keystrokes, or displaying intrusive popups.
🔴 JavaScript is already executing without any user interaction.
🔴 I can perform both pop-ups and redirects, as well as force file downloads, through JavaScript execution—without requiring user interaction. This type of execution is commonly exploited in various attacks, including malware threats such as Adware, Spyware, and more. Given the security implications, I believe an S4 severity rating may not fully reflect the risk.
Would it be possible to reconsider the severity level?
Best Regards
pa...@google.com <pa...@google.com> #4
Thanks!!
kh...@gmail.com <kh...@gmail.com> #5
Thanks for reaching out! This is actually a security issue, not a feature request.
Thank you for your response.
🔴 The severity of this issue depends on the context:
- High Severity (Security Risk) – If JavaScript is executing without user interaction on a potentially malicious site, it could indicate XSS (Cross-Site Scripting) or browser exploitation. This could lead to unauthorized data access or malware execution.
- Medium Severity (Privacy Concern) – If a site is executing JavaScript without explicit user permission, it might be tracking behavior, logging keystrokes, or displaying intrusive popups.
🔴 JavaScript is already executing without any user interaction.
🔴 I can perform both pop-ups and redirects, as well as force file downloads, through JavaScript execution—without requiring user interaction. This type of execution is commonly exploited in various attacks, including malware threats such as Adware, Spyware, and more. Given the security implications, I believe an S4 severity rating may not fully reflect the risk.
Would it be possible to reconsider the severity level?
Best Regards
pe...@google.com <pe...@google.com> #6
Thank you for providing more feedback. Adding the requester to the CC list.
ka...@google.com <ka...@google.com> #7
Requesting dev team please look into this issue.
Thanks,
kh...@gmail.com <kh...@gmail.com> #8
Would it be possible to revisit the severity level? Please refer to comment 3.
kh...@gmail.com <kh...@gmail.com> #9
Would it be possible to revisit the severity level? Please refer to comment 3 + comment 9
PoC for Hidden Form-Based Cookie Exfiltration
Title: Hidden Form Auto-Submission PoC for Cookie Exfiltration
Description:
A critical vulnerability has been identified where an attacker can exploit a hidden form with auto-submission to exfiltrate user cookies, browser details, and referrer data. This Proof of Concept (PoC) demonstrates how an attacker can silently extract this information upon page load, requiring no user interaction.
PoC Code: CookieHunt2025.html (Attached)
Steps to Reproduce - Hosting the PoC HTML File:
1. Host on a Remote Web Server
- Upload CookieHunt2025.html to a public web server (e.g., Apache, Nginx, Netlify, or GitHub Pages).
- Ensure the page is accessible via a public URL, e.g., https://attacker.com/CookieHunt2025.html.
2. Open the Hosted Page
- Visit the hosted PoC URL in any browser.
- The page automatically collects the following data:
  - document.cookie (Session cookies)
  - navigator.userAgent (Browser and OS details)
  - document.referrer (Previous webpage URL)
3. Observe the Data Exfiltration
- The hidden form automatically submits the stolen data to an attacker's endpoint (e.g., Formspree or an attacker-controlled server).
- If using an HTTP request logger (e.g., Burp Suite, RequestBin), observe the exfiltrated data in real-time.
Mitigation Recommendations:
- Enforce Content Security Policy (CSP) to block unauthorized form submissions.
- Set HttpOnly and Secure attributes for cookies to prevent JavaScript access.
- Implement SameSite cookie restrictions to prevent cross-site attacks.
- Use Subresource Integrity (SRI) to prevent injection of malicious scripts.
Impact:
This vulnerability poses a severe security risk by enabling attackers to exfiltrate user cookies, referrer URLs, and browser details without the victim's knowledge. The exploit can be embedded in:
- Phishing pages to steal authentication tokens.
- Malicious advertisements to harvest session data.
- Compromised websites to silently siphon sensitive information.
If successfully exploited, this attack could lead to session hijacking, unauthorized account access, and further exploitation of compromised user credentials.
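The hardening settings listed under Mitigation Recommendations, as an added example that is not part of the report, the attached PoC, or Chrome's code: a small Python module that builds a Set-Cookie value carrying HttpOnly, Secure and SameSite, builds a Content-Security-Policy whose form-action directive limits where forms on the page may submit, and audits both. The origins and cookie values are constructed for the demonstration, and the CSP matcher is deliberately simplified (it understands 'self', 'none' and exact origins only, not wildcards, scheme-only sources or paths).

```python
"""Added example (not from the report or Chrome): build and audit the response
headers named in the mitigation list: a hardened Set-Cookie value and a CSP
whose form-action directive restricts where <form> elements may submit."""

SESSION_COOKIE_FLAGS = ("HttpOnly", "Secure", "SameSite")


def build_session_cookie(name, value, max_age=3600, same_site="Strict"):
    """Set-Cookie value for a session cookie.

    HttpOnly keeps the cookie out of document.cookie, Secure limits it to HTTPS,
    and SameSite keeps the browser from attaching it to cross-site requests.
    """
    return (f"{name}={value}; Max-Age={max_age}; Path=/; "
            f"Secure; HttpOnly; SameSite={same_site}")


def audit_set_cookie(header):
    """Return the hardening attributes missing from a Set-Cookie value."""
    present = {part.strip().split("=", 1)[0].lower()
               for part in header.split(";")[1:]}
    return [flag for flag in SESSION_COOKIE_FLAGS if flag.lower() not in present]


def build_csp(form_targets=("'self'",)):
    """Content-Security-Policy that only allows forms to post to form_targets."""
    return ("default-src 'self'; "
            f"form-action {' '.join(form_targets)}; "
            "frame-ancestors 'none'")


def parse_csp(csp):
    """Map each CSP directive name to its list of source expressions."""
    directives = {}
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def csp_permits_form_action(csp, target_origin, page_origin):
    """Simplified form-action check: 'self', 'none' and exact origins only.

    form-action does not fall back to default-src, so a policy without it
    leaves form submissions unrestricted.
    """
    sources = parse_csp(csp).get("form-action")
    if sources is None:
        return True
    for source in sources:
        if source == "'none'":
            return False
        if source == "'self'" and target_origin == page_origin:
            return True
        if source.lower() == target_origin.lower():
            return True
    return False


if __name__ == "__main__":
    # Constructed origins for the demonstration (not real hosts).
    page = "https://app.example.test"
    collector = "https://collector.example.test"
    print(audit_set_cookie("sid=abc123; Path=/"))                   # ['HttpOnly', 'Secure', 'SameSite']
    print(audit_set_cookie(build_session_cookie("sid", "abc123")))  # []
    print(csp_permits_form_action(build_csp(), collector, page))    # False
    print(csp_permits_form_action("default-src 'self'", collector, page))  # True
```

The last check is the one worth remembering when reviewing a policy: a CSP with only `default-src 'self'` does nothing to stop a form on the page from posting to a third-party endpoint, because form-action is not covered by default-src and has to be set explicitly.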
kh...@gmail.com <kh...@gmail.com> #10
Note: You can try hosting your own form. I replaced the form URL (
This attack could lead to session hijacking, unauthorized account access, and further exploitation of compromised user credentials.
Cookie Stealing:
🔴The severity of this issue:
- 🔴Critical: If you can steal authentication cookies (e.g., session cookies) and take over user accounts without user interaction, it is considered critical.
Best Regards
Description
Report description
JavaScript Execution Without User Interaction: Pop-Ups, Redirects, and Security Risks
Bug location
Where do you want to report your vulnerability?
Chrome VRP – Report security issues affecting the Chrome browser. See program rules
Which URL (or repository) have you found the vulnerability in?
chrome://settings/content/popups
The problem
Please describe the technical details of the vulnerability
Description:
A security issue in Chrome allows JavaScript Execution without user interaction, bypassing built-in protections like pop-up blocking and redirect restrictions. This type of JavaScript execution is often used in various attacks, including malware attacks such as adware, spyware, and more.
Tested Environments
Steps to Reproduce:
1. In the PoC video, focus on Enhanced Protection and the Privacy and Security settings: Pop-ups and redirects, chrome://settings/content/popups, "Don't allow sites to (send pop-ups) or (use redirects)".
2. Create an HTML file with the following code:
3. I can do both: use pop-ups and redirects, and force file downloads with JavaScript execution without user interaction. This type of JavaScript execution is often used in various attacks, including malware attacks such as adware, spyware, and more.
Best Regards
Please briefly explain who can exploit the vulnerability, and what they gain when doing so
Impact:
🔴I can do both: use pop-ups and redirects, and force file downloads with JavaScript execution without user interaction. This type of JavaScript execution is often used in various attacks, including malware attacks such as Adware, Spyware, and more.
The cause
What version of Chrome have you found the security issue in?
Version 133.0.6943.142 (Official Build) (64-bit)
Is the security issue related to a crash?
No, it is not related to a crash.
Choose the type of vulnerability
Permissions Bypass
How would you like to be publicly acknowledged for your report?
Ghost Shell