Fullscreen not dismissed when pressing esc if an alert dialog is active
Reported by
greencar...@hotmail.com,
Jan 10 2017
Issue description

VULNERABILITY DETAILS
It's possible to trap a Google Chrome user within fullscreen using looped fullscreen requests. The 'Press Esc to exit full screen' message can also be covered using a timed alert box. We can also display a fake browser using an image to spoof websites.

VERSION
Chrome Version: [55.0.2883.87] + [stable]
Operating System: Windows 8.1 x64

REPRODUCTION CASE
1. Open attached html PoC file.
2. Click button
3. You will enter fullscreen with an attempt to spoof google.com using an image + the normal indication that you're in fullscreen was obfuscated by alert box.
4. Attempt to exit fullscreen by hitting 'Esc', fullscreen will happen again
Jan 11 2017
In Chrome 57 on Mac, the "Press Esc to exit fullscreen" notice appears atop the alert dialog, but hitting ESC at that point doesn't dismiss fullscreen (due to the alert)-- that feels problematic. The fix for 654140 does appear to prevent repeated entry into fullscreen.
Jan 11 2017
Please note I originally saw the behavior (but came up with the PoC myself) on a fake support website, http://methodasist.online/, so this is actively being used in the wild.
Jan 14 2017
Thanks for the report. The fullscreen looping problem was fixed in issue 654140, as pointed out in c#1. I've verified that this part of the PoC no longer works on trunk.

I agree with elawrence that the alert issue is problematic as well, and warrants another bug. Updating the summary to reflect this.

I don't think we'd consider either of these issues security vulnerabilities, though. Issue 654140 was already public, as it's a denial of service (see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Are-denial-of-service-issues-considered-security-bugs- for more information). The second bug is potentially confusing for users, but doesn't seem particularly severe.
Jan 26 2017
Feb 7 2017
The second part of the bug (alert dialogs obscuring the fullscreen notification) is being tracked at bug 670135.
Comment 1 by elawrence@chromium.org, Jan 11 2017