The WebContentsImpl::FocusLocationBarByDefault function in
content/browser/web_contents/web_contents_impl.cc in Google Chrome before
50.0.2661.75 mishandles focus for certain about:blank pages, which allows
remote attackers to spoof the address bar via a crafted URL.
Author | Note |
---|---|
chrisccoulson | This logic for focusing the location bar in Chrome is not used in Oxide |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 50.0.2661.102-0ubuntu0.14.04.1.1117 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 50.0.2661.102-0ubuntu0.15.10.1.1227 | UNKNOWN |
ubuntu | 16.04 | noarch | chromium-browser | < 50.0.2661.102-0ubuntu0.16.04.1.1237 | UNKNOWN |