Chrome CSS Background Attribute Data Exfiltration via Cross-Origin Requests

Key Information Vulnerability Description - Chrome's critical markup attack via background property allows data exfiltration, especially when the background property is applied to specific tags ( , , , , , , , , ). - This bypasses Chrome’s existing protections against dangerous inline markup, enabling cross-origin requests to carry secret tokens from forms. Specific Situation - Version: Chrome 79.0.3945.88 official build, 64-bit. - Issue Resolution: The project has implemented relevant security protocols to reduce vulnerability risks. Vulnerability Details - Using the background property on specific tags during webpage construction can trigger cross-origin requests, circumventing existing safeguards and exposing sensitive data from tables. Version - Specifies the exact Chrome version affected: official 64-bit build 79.0.3945.88. Reproduction Case - A link provides an example website demonstrating the vulnerability, showing how applying the background property to table tags results in cross-origin requests carrying form secret tokens. Reporter Information - Reporter: Luan Herrera, email anonymized as "he...@gmail.com". Persons Involved - Assigned to fu...@chromium.org. - Three reviewers involved, anonymized as mb...@@chromium.org and sh...@chromium.org. Labels - BLink>CSS. Key Information Extractor - Lauren Dengke.

Goal Reached Thanks to every supporter — we hit 100%!

Chrome CSS Background Attribute Data Exfiltration via Cross-Origin Requests