
Issue 679900

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 670135
Owner: ----
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug




Fullscreen not dismissed when pressing esc if an alert dialog is active

Reported by greencar...@hotmail.com, Jan 10 2017

Issue description

VULNERABILITY DETAILS
It's possible to trap a Google Chrome user within a fullscreen using looped fullscreen requests.

It's also possible to cover the 'Press Esc to exit full screen' message using a timed alert box. We can also display a fake browser using an image to spoof websites.

VERSION
Chrome Version: [55.0.2883.87] + [stable]
Operating System: Windows 8.1 x64

REPRODUCTION CASE

1. Open attached html PoC file.
2. Click button.
3. You will enter fullscreen with an attempt to spoof google.com using an image; the normal indication that you're in fullscreen is obfuscated by an alert box.
4. Attempt to exit fullscreen by hitting 'Esc'; fullscreen will happen again.

Attachment: fullScreenPoC.html (745 bytes)
Components: UI>Browser>FullScreen
Sounds like Issue 654140, initially fixed in 56.0.2915.0?
Status: Untriaged (was: Unconfirmed)
In Chrome 57 on Mac, the "Press Esc to exit fullscreen" notice appears atop the alert dialog, but hitting ESC at that point doesn't dismiss fullscreen (due to the alert)-- that feels problematic.

The fix for 654140 does appear to prevent repeated entry into fullscreen.
Please note I originally saw the behavior (but came up with the PoC myself) on a fake support website http://methodasist.online/

So this is actively being used in the wild. 
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Team-Security-UX Type-Bug
Summary: Fullscreen not dismissed when pressing esc if an alert dialog is active (was: Security: Fullscreen can be spammed and covered.)
Thanks for the report. The fullscreen looping problem was fixed in issue 654140, as pointed out in c#1. I've verified that this part of the poc no longer works on trunk.

I agree with elawrence that the alert issue is problematic as well, and warrants another bug. Updating the summary to reflect this.

I don't think we'd consider either of these issues security vulnerabilities, though. Issue 654140 was already public, as it's a denial of service (see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Are-denial-of-service-issues-considered-security-bugs- for more information). The second bug is potentially confusing for users, but doesn't seem particularly severe.
Cc: a...@chromium.org
Labels: Pri-1
Mergedinto: 670135
Status: Duplicate (was: Untriaged)
The second part of the bug (alert dialogs obscuring the fullscreen notification) is being tracked at bug 670135.