-2

Since Chrome and other browser's configuration flags are accessible via a URL, and the configuration is done typically within a web page, I was wondering if it presented a security vulnerability.

I was thinking it might be exploitable by a specifically-formed URL, such as

chrome://flags/javascript:handleEnableExperimentalFeature(Displaylist2Dcanvas, enable)

or by a bookmarklet-style javascript that loads and manipulates the flags page? I've tried to do this but it didn't work; I'm not sure if that's because I did it wrong, or because it just isn't vulnerable to that type of attack.

Pacific Bird
  • 286
  • 1
  • 3
  • 13
  • `I've tried to do this but it didn't work;` seeing your javascript code might be helpful. –  Jul 14 '17 at 16:43

1 Answers1

2

No you cannot do that. Just imagine if people could edit chrome flags via URL, it would be a disaster. Unless you write a chrome extension or some other client side application to change said chrome flag, you can't do that.

EyuelDK
  • 3,029
  • 2
  • 19
  • 27