New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 652817 link

Starred by 1 user
Status: Duplicate
Merged: issue 488143
Owner: ----
Closed: Oct 2016
Cc:
rdevlin....@chromium.org
ackermanb@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

more badwebsite can 'force' install extension

Reported by bau...@gmail.com, Oct 4 2016 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.41 Safari/537.36

Steps to reproduce the problem:
1. open http://get-update.download/it/?zone=1380409
2. clic OK

What is the expected behavior?
never request to install extension in fullscreen, or request to clic one link to install...

What went wrong?
chrome authorize full screen and request to install extension!
must clic more time cancel and ESC key to quit this bad website

Did this work before? N/A 

Chrome version: 54.0.2840.41  Channel: beta
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: disabled
badextension.webm
1.5 MB View Download

Comment 1 by mea...@chromium.org, Oct 4 2016

Mergedinto: 488143
Status: Duplicate (was: Unconfirmed)
Thank you for the report, that's a very persistent page.

We are blocking inline install while in fullscreen mode at  bug 488143 , so I'm merging this bug into that one.

Comment 2 by mea...@chromium.org, Oct 4 2016

Cc: rdevlin....@chromium.org ackermanb@chromium.org
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 11 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by bau...@gmail.com, Jan 3 2018 

Hi,
another time, install extension in fullscreen work from bad page: https://youtu.be/iZ31dUc9_EU

Comment 5 by ackermanb@chromium.org, Jan 3 2018 

Thanks, we have another bug 695266 tracking this issue. I'm curious how did you find this page?

Comment 6 by bau...@gmail.com, Jan 3 2018 

looking for another Issue. (797492)
from link https://www.liens-telechargement.com/123455600123455602123455610123455615bf1nzhjpnp37  it opens several ads before giving access to a download link.
I usually use a real popup blocker. Chrome is still unable to do it. But for this Issue must disable it to find THE URL.

Many download sites do this (at least for French sites)

Comment 7 by bau...@gmail.com, Jan 3 2018 

I tried to retrieve the source of the bad page, because the url if opened in a private session has a normal behavior (attached)
but if open saved page in chrome, it's hang and difficult to close the tab. the mouse does not respond correctly
badpage.7z
30.3 KB Download

Sign in to add a comment