Security: DoS possible in chrome browser
Reported by
pvishal...@gmail.com,
Nov 7 2016
|
||||
Issue descriptionHi chrome team, VULNERABILITY DETAILS Basically I have found a denial of service attack on Chrome browser in window platform.In this bug when we open the html file or visiting (www.tiks.host-ed.me) then click on pop up dos.html ,(which contains a recurring pop up code),the Pop up freezes the entire browser window except for minimize button and on maximizing it hangs, we can't close any tabs neither using (Ctrl+w) to close current tab that is causing recursion.And in safari browser Pop up's come after some time delays that allows user to stop the running process by clicking on (X) in URL. VERSION Chrome Version: Latest version Operating System: Windows 7 (x64) REPRODUCTION CASE i have created a HTML page.just open in chrome browser. please let me know if you want more info or PoC.
,
Nov 7 2016
Can you please clarify what the DoS here is? Assuming that your popup blocker settings aren't modified (i.e. you didn't manually disable the popup blocker), the attached demo doesn't open a single popup, and the alert() dialogs can be dismissed by checking the "prevent this page from showing further dialogs" setting in the alert itself
,
Nov 11 2016
pvishal327@, Could you please respond as per comment #2
,
May 4 2017
jochen: popup window aside, the "prevent this page..." checkbox does not appear in the repeated alert dialog on Windows :-(
,
May 4 2017
I'm closing this, as this has gotten no feedback. Michael, the "prevent this page" checkbox was deliberately removed. If a tab is harassing you with alerts, close it. |
||||
►
Sign in to add a comment |
||||
Comment 1 by nparker@chromium.org
, Nov 7 2016Components: UI>Browser>PopupBlocker
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Pri-2 Type-Bug