The Possibility of Potential Security Hole in Chrome

I am not professional in JavaScript development. I’ve just wondered when I noticed that it would be possible to pop-up a hyperlink component in Yahoo mail and change the tab within Google Chrome and set the content of the pop-up within another tab page and send hyperlink back. It is not possible in other browsers. Just have a look at attached images and let me know if it is safe enough or not?

I am talking about the possibility of transferring a user input value from a tab page to another one which is completely irrelevant to the first one.


Catching some thing to another page.

I am not sure if it is a security hole or not. I think Google developers care about it. However this point can be abused by hackers to grab information of a non professional and beginner user during busy times which she trusts to regular behaviors of the browser.
I tried to find something the bug report link or contact us in Chrome page but I couldn’t find it.

This entry was posted in Networking, Web. Bookmark the permalink.

6 Responses to The Possibility of Potential Security Hole in Chrome

  1. Pingback: Google Chrome A Weak Security Behavior | datispars blog

  2. This is the blue screen of google and chrome !!!

  3. Hamid says:

    if it was as you say (because i don’t have MAC to check) it’s not a complete security hole but it has potential of abusing

  4. Khashayar says:

    For me it’s a nice feature rather than a bug or security hole or …
    How many time this happened to you that you wanted to copy something from next tab on a popped “prompt box” but you couldn’t because of the model dialog.

    You said:
    I am taking about the possibility of transferring a user input value from a tab page to another one which is completely irrelevant to the first one.

    But there’s a bold text in header of the dialog that displays its domain name. so it’s obvious that this dialog popped from which domain.

    You also said:
    this point can be abused by hackers to grab information of non professional and beginner users during busy times which they trust to regular behaviors of the browser.

    But for me as a web dev, How I can do such a thing. should I pop a dialog in every x seconds and force the user to enter WHAT? How I could predict if user is now busy with the other tabs?

    To make this happen, you need to have this conditions:
    1. Have a good ranked website that pops a dialog in every x seconds. (Can you really do such a annoying thing and make rank?)
    2. Your victim is about to enter a sensitive data in other tabs.
    3. And she ain’t notice the domain name of popped dialog and enters hers data into your dialog box.

    you do the calculation.
    Come on buddy 😉

    • admin says:

      Thank you Khashayar for your complete explanation. However I still believe separating different concerns gives the user a kind of safety which makes her sure do things more easily within a certain boundary. Meanwhile I believe in your profession in this field so I do respect your vision while I still insist on the fact this feature may be abused by hackers.

Leave a Reply