{"updated":"2025-01-20T17:48:55.511576+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00146812","sets":["6164:6165:6462:8443"]},"path":["8443"],"owner":"11","recid":"146812","title":["Google Chromeのパスワードマネージャの脆弱性"],"pubdate":{"attribute_name":"公開日","attribute_value":"2015-10-14"},"_buckets":{"deposit":"88fa11b5-b784-4c86-804d-1e0e22973484"},"_deposit":{"id":"146812","pid":{"type":"depid","value":"146812","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"Google Chromeのパスワードマネージャの脆弱性","author_link":["230555","230557","230558","230556","230554","230553"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Google Chromeのパスワードマネージャの脆弱性"},{"subitem_title":"Vulnerability of Password Manager in Google Chrome","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CSS，password manager，Google Chrome，HTML injection","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2015-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学大学院"},{"subitem_text_value":"東京電機大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/146812/files/IPSJ-CSS2015020.pdf","label":"IPSJ-CSS2015020.pdf"},"date":[{"dateType":"Available","dateValue":"2017-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2015020.pdf","filesize":[{"value":"346.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"7ddd119b-99c4-4366-8538-d9177f1d7668","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2015 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"市原, 隆行"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"寺本, 健悟"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"齊藤, 泰一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takayuki, Ichihara","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kengo, Teramoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Taiichi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Google Chrome のパスワードマネージャは，保存されたユーザ ID とパスワードを補完するオートコンプリート機能を持つ．本稿は Google Chrome のパスワードマネージャの脆弱性を示す．WhiteScid と Andrea Giammarchi は，FireFox と Internet Explorer のパスワードマネージャの脆弱性を報告しているが，それらを利用する攻撃は XSS 脆弱性を必要とする．一方，我々の示す Google Chrome の脆弱性を利用する攻撃は，HTML インジェクション脆弱性のみを必要するため，JavaScript が動作しない環境であっても実行可能である．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"This paper presents a password manager's vulnerability in Google Chrome. Even when the hostname in a page's URL is the same as in the login page but the action attribute is not the same, if the username textbox is clicked and the username is selected from the suggested list of options, the password manager fills in the corresponding password. This allows attackers to steal the username-password pair saved in the password manager if the login page or other pages in the same domain are vulnerable to HTML injection.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"153","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2015論文集"}],"bibliographicPageStart":"148","bibliographicIssueDates":{"bibliographicIssueDate":"2015-10-14","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"2015"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:22:09.134932+00:00","id":146812,"links":{}}