
Google Chrome Javascript Status Bar Exploit
2 years ago
This video demonstrates a way to exploit Chrome's status bar UI and trick a user into clicking a seemingly safe link. The exploit is performed using nothing more than JavaScript, HTML and CSS3.
This is possible because Chrome houses the status bar within the browser frame, allowing a smart designer to emulate the exact status bar UI. The only real fix to this issue is to house the status bar outside of the web frame.
You can see the working code here: gnuu.org/chrome_status_exploit
Blog post: gnuu.org/2009/07/15/google-chrome-status-bar-exploit-using-javascript/
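Because the status bar is drawn inside the web frame, page content pinned to the same corner can pass for it. The following is an added example, not code from the video or the blog post: a heuristic audit that flags elements positioned and sized like the status bar whose only text is a URL. The function names, the descriptor shape (what getComputedStyle() and getBoundingClientRect() would report) and the pixel thresholds are assumptions.

```javascript
// Added example: heuristic detector for page elements imitating the in-frame status bar.
// All names and thresholds are hypothetical; the sample elements are constructed.

// Text that is nothing but a URL or a bare hostname, as a status bar would show.
const URL_LIKE = /^(https?:\/\/)?([a-z0-9-]+\.)+[a-z]{2,}(\/\S*)?$/i;

// el: { id, position, rect: { top, bottom, left }, text }
// viewport: { width, height }
function looksLikeStatusBar(el, viewport) {
  // Real page content rarely needs to be pinned over the viewport corner.
  const pinned = el.position === 'fixed' || el.position === 'absolute';
  // The genuine status bar hugs the bottom-left corner of the frame.
  const atBottom = Math.abs(viewport.height - el.rect.bottom) <= 4;
  const atLeft = el.rect.left <= 4;
  // It is a single short line of text, not a banner.
  const thin = el.rect.bottom - el.rect.top <= 30;
  const showsUrl = URL_LIKE.test(el.text.trim());
  return pinned && atBottom && atLeft && thin && showsUrl;
}

// Returns the ids of every element that matches the heuristic.
function auditPage(elements, viewport) {
  return elements
    .filter((el) => looksLikeStatusBar(el, viewport))
    .map((el) => el.id);
}

// Constructed sample: one lookalike among ordinary bottom-of-page content.
const sampleViewport = { width: 1280, height: 720 };
const sampleElements = [
  { id: 'footer-nav', position: 'static',
    rect: { top: 690, bottom: 720, left: 0 }, text: 'About / Blog / Help' },
  { id: 'fake-status', position: 'fixed',
    rect: { top: 698, bottom: 720, left: 0 }, text: 'http://example.com/safe' },
  { id: 'cookie-banner', position: 'fixed',
    rect: { top: 640, bottom: 720, left: 0 }, text: 'We use cookies' },
  { id: 'corner-link', position: 'fixed',
    rect: { top: 698, bottom: 720, left: 900 }, text: 'example.org' },
];

console.log(auditPage(sampleElements, sampleViewport));
```

A match is a reason to look at the page, not proof of spoofing: the check only sees geometry and text.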

Prev week
It's a common DOM manipulation in JavaScript.
For example with #Prototype.js:
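<a href="//vimeo.com/" id="do">xyz</a>
<script type="text/javascript">
// Requires Prototype.js. The handler cancels the link's own navigation
// and sends the click to a different address than the href shows.
Event.observe($('do'), 'click', function (event) {
  event.stop();
  return window.location.href = "//microsoft.com/";
});
</script>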