Issue metadata
Sign in to add a comment
|
Spam/phishing bug with full screen and dialogue creation
Reported by
mi...@singulink.com,
Dec 15 2016
|
||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Steps to reproduce the problem: **WARNING** this is a phishing/spam site that I was redirected to, could be malicious: Go to: https://s3.amazonaws.com/vv-bb-20/dfggf/ts-chrome-en/index.htm?n=1-305-985-6352 What is the expected behavior? Chrome should not allow a website to go fullscreen and stop the user from closing a website and constantly pop-up dialogues. What went wrong? Website goes fullscreen without web page interaction constantly and allows the website to constantly popup dialogues, even when the "Prevent this page from creating additional dialogues" option is checked. Did this work before? N/A Chrome version: 55.0.2883.87 Channel: stable OS Version: 10.0 Flash Version: Shockwave Flash 24.0 r0
,
Dec 15 2016
Phishing sites can be reported to safe browsing (the service we use for detection of sites like this) at https://safebrowsing.google.com/safebrowsing/report_phish/?rd=1&hl=en c#1: The fact that the URL displayed in the omnibox doesn't match what you're seeing on the page is the best way to identify a phishing site. It's certainly possible.
,
Dec 15 2016
I'm not reporting the phishing site. I'm pointing out a security bug in Chrome. I believe it is a security bug that the URL in the dialogue has been allowed to be changed to something arbitrary, is it not? The webpage should not have access to change the title of the dialogue. Further, I consider it a security bug that the page is going into fullscreen without the user clicking a full screen button and the fact that the popup cannot be stopped. |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by mi...@singulink.com
, Dec 15 2016