Pop up going full screen and then blocking close button out with alert dialog
Reported by
adee...@gmail.com,
Oct 29 2016
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36 Steps to reproduce the problem: Relative ended up on this page without 'doing' anything. I'm assuming they clicked some ad 'offering free iPhone' but not sure. What is the expected behavior? To be able to close the tab or window What went wrong? 1. You have got to be able to close the window without the dialog taking over the whole UI focus. It is insane how easy it is for a web developer to completely force you to do something. 2. I'm not sure how it was done but they okay button was on the dialog was blocked. I'm not entirely sure how it was done but hovering the mouse over the OK button made the cursor turn into a text input cursor. I'm assuming they have an input control loaded on top of the OK button to take away the click event from it? I'm not sure. 3. How the heck they have forced to show Microsoft SSL on this? Did this work before? N/A Chrome version: 54.0.2840.71 Channel: stable OS Version: 10.0 Flash Version: Shockwave Flash 23.0 r0 I have attached the screenshot. Only way around was Ctrl + Alt + Del and end Chrome process.
,
Dec 29 2016
Unable to reproduce the issue on Win 7, Mac 10.12.2 and Ubuntu 14.04 with stable#55.0.2883.87 & latest canary version#57.0.2965.0. Not observed any popup when we navigate to the URL mentioned in the screenshot of Comment#0. Could you please check the issue on latest stable version of chrome & let us know the repro steps to triage the issue further if still issue persists. Please find the attached screencast for reference. Thank you.
,
Jan 18 2017
adeel.e@: Do you still see the issue on the latest stable(55.0.2883.87) as well? If yes, would it be possible for you to provide any consistent URL where the issue is seen. Labelling the bug with respective component.
,
Mar 22 2017
I've also seen this browser hijack used at http://moneychangedfrank.club/0x00ef/index.html?n=+1%20888-727-1407 Making the alert box module is causing severe restrictions on the users ability to control their own browser and system. You cannot move tabs away, open a new instance or even enter the internal task listing in order to close the abusive tab. Short of preventing on the first alert, then holding escape while closing the window, your only option is to end task on the entire chrome application through task manager. Why are alerts even module? This opens a huge door for abuse from outside sources.
,
Mar 22 2017
Sorry for a chain, probably should have included this as well. Attached version page. Added information: Build: 57.0.2987.110 (64-bit) (Windows 10) confirmed exhibited behavior on most recent update as of 03/22/2017 - 4:32pm PST The URL in screenshot 0 is purposely being obfuscated by the offending url mentioned in Comment 4, to appear as a valid microsoft website. Reported website is listed as an ad.fly sponsor. I've notified ad.fly of the offender now several times, without any resolution. Of course, a better solution could probably be had, browser side.
,
Mar 23 2018
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||
►
Sign in to add a comment |
||||
Comment 1 by ligim...@chromium.org
, Nov 2 2016