
Issue 641711

Starred by 4 users

Issue metadata

Status: Duplicate
Merged: issue 654140
Owner:
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug

Blocked on:
issue 654140




Security: JavaScript exploit disables normal ability to exit Full Screen

Reported by linb...@gmail.com, Aug 27 2016

Issue description



VULNERABILITY DETAILS
Normally a user should be able to leave Fullscreen Mode by pressing ESC or F11.

However, some scammers seem to have found a way to use JavaScript to force the user back into fullscreen mode upon leaving it, making it difficult for some users to escape the scam.

VERSION
Google Chrome	52.0.2743.116 (Official Build) m (32-bit)
Revision	9115ecad1cae66fd5fe52bd9120af643384fd6f3-refs/branch-heads/2743@{#728}
OS	Windows 10

REPRODUCTION CASE
The source code and relevant JavaScript is here: http://paste2.org/UPDmgWht
Original URL:
[http]://game99playgame99boxp[dot]club/newpince/crr_rre/index.html

 
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
This is more of an annoyance bug than a security vulnerability. Removing security tags.
Labels: TE-NeedsTriageHelp
Components: Blink>Fullscreen

Comment 4 by e...@chromium.org, Nov 4 2016

Owner: foolip@chromium.org
Status: Assigned (was: Unconfirmed)
Attaching code from http://paste2.org/UPDmgWht in case it goes away later.
index.html (80.4 KB)
Blockedon: 654140
Cc: foolip@chromium.org
Labels: -TE-NeedsTriageHelp
Owner: mgiuca@chromium.org
This looks like the same as issue 654140, with fullscreen request on keyup for ESC and F11 and other keys, but leaving open to verify after that's fixed.
Cc: -foolip@chromium.org mgiuca@chromium.org
Mergedinto: 654140
Owner: foolip@chromium.org
Status: Duplicate (was: Assigned)
Duping to Issue 654140 (where most of the discussion has taken place).

This is the same bug as that (and verified that your fix addresses it).
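
The pattern identified in this thread (a fullscreen request issued from a key event handler for ESC, F11 and other keys) can be flagged when triaging a saved page such as the attached index.html. The following is an added example, not code from the report or from Chromium; the function names and both sample pages are constructed, and the brace matching is a heuristic that ignores braces inside strings and comments.

```javascript
// Added example: static triage heuristic for saved pages (not Chromium code).
// Flags key event handlers whose body contains a fullscreen request.
const KEY_HOOK = /addEventListener\(\s*['"](keyup|keydown|keypress)['"]|\bon(keyup|keydown|keypress)\s*=/g;
const FS_CALL = /\b(?:webkit|moz|ms)?requestfullscreen\s*\(/i;
const ESC_OR_F11 = /\b(?:27|122)\b|['"](?:Escape|Esc|F11)['"]/; // keyCode 27 = ESC, 122 = F11

// Return the brace-balanced block that starts at the first "{" after `from`.
function handlerBody(src, from) {
  const start = src.indexOf('{', from);
  if (start < 0) return '';
  let depth = 0;
  for (let i = start; i < src.length; i++) {
    if (src[i] === '{') depth++;
    else if (src[i] === '}' && --depth === 0) return src.slice(start, i + 1);
  }
  return src.slice(start); // unbalanced source: inspect the remainder
}

// Scan every inline <script> and report key handlers that request fullscreen.
function findFullscreenKeyTraps(html) {
  const findings = [];
  for (const s of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    const src = s[1];
    for (const m of src.matchAll(KEY_HOOK)) {
      const body = handlerBody(src, m.index + m[0].length);
      if (FS_CALL.test(body)) {
        findings.push({ event: m[1] || m[2], checksEscOrF11: ESC_OR_F11.test(body) });
      }
    }
  }
  return findings;
}

// Constructed sample: the behaviour described in this issue.
const SAMPLE_TRAP = `<html><body><script>
document.addEventListener('keyup', function (e) {
  if (e.keyCode === 27 || e.keyCode === 122) {
    document.documentElement.webkitRequestFullscreen();
  }
});
</script></body></html>`;

// Constructed sample: fullscreen on a click, plus an unrelated key logger.
const SAMPLE_BENIGN = `<script>
document.getElementById('play').addEventListener('click', function () {
  document.documentElement.requestFullscreen();
});
document.addEventListener('keyup', function (e) { console.log(e.key); });
</script>`;
```

A hit is only a triage signal: obfuscated or externally loaded scripts will not match, so a clean result does not clear a page.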
