Hi Pavel, Since Chrome is based on Chromium (an open source project), please file the report directly in their bug tracker: http://crbug.com The provides a number of benefits: - You get direct access to the same developers that will triage and fix the issue; and - Once it's fixed, the bug will be made public (though if you use the "Security Bug" template, the bug will be restricted to a small group of security engineers until this occurs). Regards, The Google Team Original Message Follows: ------------------------ From: Pavel Machek <pavel@xxxxxx> Subject: Copy&paste from web browser considered dangerous Date: Sat, 1 Jun 2013 15:46:00 +0200 > Hi! > > Apparently this is known for years, but... there are many legitimate > websites that expect you to copy&paste into terminal, but it is very > easy to paste something you did not want to. Demo is at > > http://thejh.net/misc/website-terminal-copy-paste > > I believe it is a bug in the web browser: if text was invisible on the > page, it should not go to the buffer. Javascript should not be able > play tricks with that. > > Or alternatively, if text on screen differs from text going to > copy-paste buffer, warning with new text should be displayed. > > (security@google cc-ed, at least chromium on debian 6 is affected). > Pavel > -- > (english) http://www.livejournal.com/~pavelmachek > (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html >
