Issue metadata
Sign in to add a comment
|
Security: permission prompts should not focus on 'Allow' by default |
||||||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS When Chrome opens a permission prompt for location, notification or other permission, it focuses on the 'Allow' button by default. If the page can trick the user into hitting space or enter many times (for example using a game), the page could get the permission without the user noticing it. The page would request permission when the user is expected to hit space or enter very soon, so that when the user presses the button, they actually grant the permission to the app. Since the app is notified when the prompt is accepted, it can respond to the input as if no permission was asked. Based on my limited testing, Firefox, IE and Chrome/OSX does not focus on 'Allow' by default, but Chrome on Linux and Windows does. Safari focuses on 'Allow' by default, but it has a very noticeable animation when the prompt pops up, so it would be harder to trick the user. VERSION Chrome Version: 52.0.2743.116 stable Operating System: Ubuntu REPRODUCTION CASE Demo: https://horvathnyaralo.hu/x/BGqioInfMl/ When it works as intended, it looks like this: https://youtu.be/chLf7OGKFI8
,
Aug 25 2016
,
Aug 25 2016
,
Aug 25 2016
Thanks, could you give me access to 619429?
,
Aug 25 2016
Done.
,
Dec 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by infe...@chromium.org
, Aug 25 2016Labels: Security_Severity-Medium Security_Impact-Stable Pri-1
Owner: benwells@chromium.org
Status: Assigned (was: Unconfirmed)