Issue metadata
Sign in to add a comment
|
Security: Opening popup without user's interaction
Reported by
ondrejko...@gmail.com,
Aug 25 2016
|
||||||||||||||||||||
Issue descriptionThis bug allows by clicking/opening url open a popup window. VULNERABILITY DETAILS It can be used for phishing, advertisment and many more. It can also open popup from e-mail after clicking on a link. Script simulates a click event on a button which opens the popup and moves history back (so the page disappears). It also tries to close the new window if history.back didn't work. Buttons are hidden using CSS. VERSION Chrome Version: 52.0.2743.116 (Oficiálne zostavenie) m (32-bitová verzia) Operating System: the newest Windows 10 with Anniversary update REPRODUCTION CASE Navigate to file's URL to open popup.
,
Aug 25 2016
Jochen, can you please take a look or suggest an owner.
,
Aug 26 2016
I can't reproduce this on ToT nor on stable
,
Aug 26 2016
,
Aug 30 2016
marking as wontfix due to no additional feedback
,
Dec 7 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by ondrejko...@gmail.com
, Aug 25 2016