mgiuca: Any updates here? We are getting new reports of this being exploited in the wild.

 Issue 679900  has been merged into this issue.

I haven't had time to look at it lately. I will try to make it a priority for 58.

+maybe httpauth? Re Trent, httpauth dialogs are also contributing.

mgiuca, any updates on this? Do you have any code pointers for where to start looking? If you have an idea how to get started that you can share, maybe we can find someone else to take it from there.

#8: estark: Sorry for the delay.

I don't have any knowledge about where this code would start (it's not in the fullscreen code, which I am familiar with, it would have to be in the alert popup displaying code).

The result, though, should simply be a call to Browser::ExitFullscreenModeForTab():
https://cs.chromium.org/chromium/src/chrome/browser/ui/browser.h?l=659

This might be really easy. Do you have anyone in mind to look at it? Otherwise I can try and do it.

If you need my help here, let me know and I'll pitch in.

We got a bug submission with an example of this being exploited, with page source attached:  issue 726761 . Fullscreen spoofs browser UI and alerts make it hard to get out of it.

 Issue 726761  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc

commit 0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc
Author: avi <avi@chromium.org>
Date: Tue Jun 13 03:22:13 2017

If JavaScript shows a dialog, cause the page to lose fullscreen.

BUG= 670135 ,  550017 ,  726761 ,  728276 

Review-Url: https://codereview.chromium.org/2906133004
Cr-Commit-Position: refs/heads/master@{#478884}

[modify] https://crrev.com/0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc/chrome/browser/printing/print_job_worker.cc
[modify] https://crrev.com/0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc/chrome/browser/printing/print_view_manager.cc
[modify] https://crrev.com/0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc/content/browser/web_contents/web_contents_impl.cc
[modify] https://crrev.com/0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc/content/browser/web_contents/web_contents_impl.h
[modify] https://crrev.com/0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc/content/browser/web_contents/web_contents_impl_browsertest.cc
[modify] https://crrev.com/0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc/content/public/browser/web_contents.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f36b11b74a9d97621a65d466862948b0b8650889

commit f36b11b74a9d97621a65d466862948b0b8650889
Author: Avi Drissman <avi@chromium.org>
Date: Tue Jul 18 23:38:13 2017

If JavaScript shows a dialog, cause the page to lose fullscreen.

BUG= 670135 ,  550017 ,  726761 ,  728276 
TBR=avi@chromium.org

(cherry picked from commit 0720b02e4f303ea6b114d4ae9453e3a7ff55f8dc)

Review-Url: https://codereview.chromium.org/2906133004
Cr-Original-Commit-Position: refs/heads/master@{#478884}
Change-Id: Id833bfcc88e7faf9129ceb3184e11d37a71c61cc
Reviewed-on: https://chromium-review.googlesource.com/576402
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/branch-heads/3112@{#644}
Cr-Branched-From: b6460e24cf59f429d69de255538d0fc7a425ccf9-refs/heads/master@{#474897}
[modify] https://crrev.com/f36b11b74a9d97621a65d466862948b0b8650889/chrome/browser/printing/print_job_worker.cc
[modify] https://crrev.com/f36b11b74a9d97621a65d466862948b0b8650889/chrome/browser/printing/print_view_manager.cc
[modify] https://crrev.com/f36b11b74a9d97621a65d466862948b0b8650889/content/browser/web_contents/web_contents_impl.cc
[modify] https://crrev.com/f36b11b74a9d97621a65d466862948b0b8650889/content/browser/web_contents/web_contents_impl.h
[modify] https://crrev.com/f36b11b74a9d97621a65d466862948b0b8650889/content/browser/web_contents/web_contents_impl_browsertest.cc
[modify] https://crrev.com/f36b11b74a9d97621a65d466862948b0b8650889/content/public/browser/web_contents.h

 Issue 726351  has been merged into this issue.