New issue
Advanced search Search tips

Issue 660672 link

Starred by 3 users

Issue metadata

Status: Archived
Owner: ----
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug


Show other hotlists

Hotlists containing this issue:
Hotlist-1


Sign in to add a comment

Pop up going full screen and then blocking close button out with alert dialog

Reported by adee...@gmail.com, Oct 29 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36

Steps to reproduce the problem:
Relative ended up on this page without 'doing' anything. I'm assuming they clicked some ad 'offering free iPhone' but not sure. 

What is the expected behavior?
To be able to close the tab or window

What went wrong?
1. You have got to be able to close the window without the dialog taking over the whole UI focus. It is insane how easy it is for a web developer to completely force you to do something.

2. I'm not sure how it was done but they okay button was on the dialog was blocked. I'm not entirely sure how it was done but hovering the mouse over the OK button made the cursor turn into a text input cursor. I'm assuming they have an input control loaded on top of the OK button to take away the click event from it? I'm not sure.

3. How the heck they have forced to show Microsoft SSL on this?

Did this work before? N/A 

Chrome version: 54.0.2840.71  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 23.0 r0

I have attached the screenshot.

Only way around was Ctrl + Alt + Del and end Chrome process.
 
snap.png
115 KB View Download
Labels: Pri-1
Cc: jmukthavaram@chromium.org
Labels: Needs-Feedback
Unable to reproduce the issue on Win 7, Mac 10.12.2 and Ubuntu 14.04 with stable#55.0.2883.87 & latest canary version#57.0.2965.0.

Not observed any popup when we navigate to the URL mentioned in the screenshot of Comment#0.

Could you please check the issue on latest stable version of chrome & let us know the repro steps to triage the issue further if still issue persists.

Please find the attached screencast for reference.

Thank you.
660672.mp4
1.2 MB View Download

Comment 3 by ajha@chromium.org, Jan 18 2017

Cc: ajha@chromium.org
Components: -UI Blink>WindowDialog
adeel.e@: Do you still see the issue on the latest stable(55.0.2883.87) as well? If yes, would it be possible for you to provide any consistent URL where the issue is seen.

Labelling the bug with respective component.

Comment 4 by vonru...@gmail.com, Mar 22 2017

I've also seen this browser hijack used at 
http://moneychangedfrank.club/0x00ef/index.html?n=+1%20888-727-1407

Making the alert box module is causing severe restrictions on the users ability to control their own browser and system. You cannot move tabs away, open a new instance or even enter the internal task listing in order to close the abusive tab. 

Short of preventing on the first alert, then holding escape while closing the window, your only option is to end task on the entire chrome application through task manager. 

Why are alerts even module? This opens a huge door for abuse from outside sources. 
BackHack1.png
68.9 KB View Download
backhack2.png
75.5 KB View Download

Comment 5 by vonru...@gmail.com, Mar 22 2017

Sorry for a chain, probably should have included this as well. Attached version page.

Added information: Build: 57.0.2987.110 (64-bit) (Windows 10) confirmed exhibited behavior on most recent update as of 03/22/2017 - 4:32pm PST 

The URL in screenshot 0 is purposely being obfuscated by the offending url mentioned in Comment 4, to appear as a valid microsoft website. Reported website is listed as an ad.fly sponsor. I've notified ad.fly of the offender now several times, without any resolution. 

Of course, a better solution could probably be had, browser side.
Version.png
50.1 KB View Download
Project Member

Comment 6 by sheriffbot@chromium.org, Mar 23 2018

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment