Thanks Michael!  Has this been exploited yet?  Did you find this yourself?

This is an interesting exploit -- Vidya, how easy would it be to fix this?  Kids are certainly creative and they could theoretically exploit this in high stakes exams?

+max for tracking

I found this by accident on my own while trying to reproduce  issue 614771  (title bar exposed for kiosk app on a touch-screen tablet).   I haven't heard of it being used in the wild.

I think that TestNav considers this a feature rather than a bug. Not image saving per se, but they allow you to save test results to a file so that you can transfer them to a USB drive if you lose network connectivity.

Wrt #7: Yes, but that feature is expressed in the UI as a button to save results/export results (exact wording escapes me) to external storage. The issue reported here bypasses the App UI, and exploits OS support for right-click / long-press, and saves to the SSD.

vidster: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

sduraisamy: Uh oh! This issue still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Any progress on this? We are nearing 55 stable and this is marked as a blocker, if we can get a fix in the next two days we can make the targeted RC, if not we may have to punt or delay. 

Xiyuan, can you please look into it?

https://codereview.chromium.org/2545433004/

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8791e3898c6d8c25fdfc416bb0c427607f223851

commit 8791e3898c6d8c25fdfc416bb0c427607f223851
Author: xiyuan <xiyuan@chromium.org>
Date: Wed Nov 30 21:49:16 2016

kiosk: Use ContextMenuContentTypeAppMode when in app mode

Give ContextMenuContentTypeAppMode higher priority than
ContextMenuContentTypeWebView so that webview in kiosk mode
does not show undesired context menu.

BUG= 656188 

Review-Url: https://codereview.chromium.org/2545433004
Cr-Commit-Position: refs/heads/master@{#435429}

[modify] https://crrev.com/8791e3898c6d8c25fdfc416bb0c427607f223851/chrome/browser/renderer_context_menu/context_menu_content_type_factory.cc

Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/105b053ee347b9df9d3ae575a378a3b7caf1d6ca

commit 105b053ee347b9df9d3ae575a378a3b7caf1d6ca
Author: Xiyuan Xia <xiyuan@google.com>
Date: Thu Dec 01 17:34:32 2016

Merge "kiosk: Use ContextMenuContentTypeAppMode when in app mode"

> Give ContextMenuContentTypeAppMode higher priority than
> ContextMenuContentTypeWebView so that webview in kiosk mode
> does not show undesired context menu.
>
> BUG= 656188 
>
> Review-Url: https://codereview.chromium.org/2545433004
> Cr-Commit-Position: refs/heads/master@{#435429}
> (cherry picked from commit 8791e3898c6d8c25fdfc416bb0c427607f223851)

Review URL: https://codereview.chromium.org/2544853002 .

Cr-Commit-Position: refs/branch-heads/2924@{#250}
Cr-Branched-From: 3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059}

[modify] https://crrev.com/105b053ee347b9df9d3ae575a378a3b7caf1d6ca/chrome/browser/renderer_context_menu/context_menu_content_type_factory.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4eeca377f0c99331e0e2e1df1f3b5650bb098df9

commit 4eeca377f0c99331e0e2e1df1f3b5650bb098df9
Author: Xiyuan Xia <xiyuan@google.com>
Date: Thu Dec 01 17:46:46 2016

Merge "kiosk: Use ContextMenuContentTypeAppMode when in app mode"

> Give ContextMenuContentTypeAppMode higher priority than
> ContextMenuContentTypeWebView so that webview in kiosk mode
> does not show undesired context menu.
>
> BUG= 656188 
>
> Review-Url: https://codereview.chromium.org/2545433004
> Cr-Commit-Position: refs/heads/master@{#435429}
> (cherry picked from commit 8791e3898c6d8c25fdfc416bb0c427607f223851)

Review URL: https://codereview.chromium.org/2533353005 .

Cr-Commit-Position: refs/branch-heads/2883@{#703}
Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768}

[modify] https://crrev.com/4eeca377f0c99331e0e2e1df1f3b5650bb098df9/chrome/browser/renderer_context_menu/context_menu_content_type_factory.cc

Verified in M55-Beta and M55-Stable, build 8872.67.0, chrome 55.0.2883.82.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot