Open Redirect Via Chrome Extension

Disclosed by
Captain_hook
  • Engagement ExpressVPN
  • Disclosed date almost 5 years ago
  • Points 5
  • Priority P4 (Bugcrowd VRT priority rating)
  • Status Resolved (accepted and fixed)
Summary by ExpressVPN

This bug allowed open redirects to any webpage by using the “Network Lock” page in our browser extension. We considered this bug low-risk due to the nature of the URL formatting, which required chrome://browser-extension-id/.. to be included (which is very obvious and unusual), and because an attacker can easily mimic the look and feel of our Network Lock page (or any page) if they can already get a user to click on a link. The issue is resolved in version 4.9.6.4116 and later of our Chrome Extensions. Customers should be getting these updates automatically.
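The pattern the summary describes, as a constructed illustration added here (not ExpressVPN's extension code): an extension page takes its redirect destination from the query string and navigates to it unchecked, beside one way to harden it. The `next` parameter name, the extension ID, the page name and the allowlisted host are assumptions; the disclosure does not say how the vendor's fix was implemented.

```javascript
// Added example, not code from the ExpressVPN extension.
// Assumed layout (not from the disclosure): the extension page is reached as
// chrome-extension://<id>/network_lock.html?next=<url> and, after the user
// clicks "continue", the script navigates the tab to `next`.

const EXTENSION_ID = "abcdefghijklmnopabcdefghijklmnop"; // constructed, not a real ID
const PAGE_URL = `chrome-extension://${EXTENSION_ID}/network_lock.html`;

// Vulnerable: whatever the link author put in ?next= becomes the destination,
// so any chrome-extension://<id>/... link can bounce the user to an arbitrary
// site. A caller would do location.assign(vulnerableRedirectTarget(location.href)).
function vulnerableRedirectTarget(pageUrl) {
  return new URL(pageUrl).searchParams.get("next");
}

// Hardened: resolve `next` against the extension's own page so that relative
// paths stay inside the extension, then only accept destinations that are
// (a) the extension itself or (b) https to an explicitly allowlisted host.
// Note: URL.origin is "null" for non-special schemes such as chrome-extension:,
// so the check compares protocol and host rather than origin.
function safeRedirectTarget(pageUrl, allowedHosts = new Set(["www.expressvpn.com"])) {
  const next = new URL(pageUrl).searchParams.get("next");
  if (next === null) return null;

  let target;
  try {
    target = new URL(next, PAGE_URL);
  } catch (_) {
    return null; // unparsable value: do not navigate at all
  }

  // "/popup.html" resolves to chrome-extension://<id>/popup.html and is fine;
  // "//evil.example" resolves to chrome-extension://evil.example and is not.
  if (target.protocol === "chrome-extension:" && target.host === EXTENSION_ID) {
    return target.href;
  }
  // "https://www.expressvpn.com@evil.example/" has hostname evil.example and is refused.
  if (target.protocol === "https:" && allowedHosts.has(target.hostname)) {
    return target.href;
  }
  return null; // javascript:, data:, http:, foreign hosts
}
```

The key design choice is to return `null` rather than fall back to a default on any rejection, and to resolve the parameter against the extension's own page rather than string-matching a prefix: prefix checks on `chrome-extension://<id>` are exactly what `@`-tricks and protocol-relative `//host` values bypass.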

Summary by Captain_hook

The issue "unvalidated redirects and forwards" was found in the ExpressVPN Chrome extension.
This should be limited to the web page target, so that an attacker is not able to change the destination.

Cheers,
