Issue metadata
Sign in to add a comment
|
Security: JavaScript exploit disables normal ability to exit Full Screen
Reported by
linb...@gmail.com,
Aug 27 2016
|
||||||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Normally a user should be able to leave Fullscreen Mode by pressing ESC or F11. However some scammers seem to have found a way to use JavaScript to force the user back into fullscreen mode upon leaving it, making it difficult for some users to escape the scam. VERSION Google Chrome 52.0.2743.116 (Official Build) m (32-bit) Revision 9115ecad1cae66fd5fe52bd9120af643384fd6f3-refs/branch-heads/2743@{#728} OS Windows 10 REPRODUCTION CASE The source code and relevant JavaScript is here: http://paste2.org/UPDmgWht Original URL: [http]://game99playgame99boxp[dot]club/newpince/crr_rre/index.html
,
Aug 30 2016
,
Nov 2 2016
,
Nov 4 2016
,
Nov 7 2016
Attaching code from http://paste2.org/UPDmgWht in case it goes away later.
,
Nov 7 2016
This looks like the same as issue 654140 , with fullscreen request on keyup for ESC and F11 and other keys, but leaving open to verify after that's fixed.
,
Nov 8 2016
Duping to Issue 654140 (where most of the discussion has taken place). This is the same bug as that (and verified that your fix addresses it). |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by infe...@chromium.org
, Aug 29 2016