Issue 680630 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 654140
Owner:	----
Closed:	Jan 2017
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug-Security
allpublic Via-Wizard-Security

A specially crafted website is able to make the whole chrome browser unusable

Reported by clopez@igalia.com, Jan 12 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

Steps to reproduce the problem:
1. Open this link in a new tab in chrome:
http://orsn.website/tuhi/a-titi.php?axerqs=366dttdwt472dfavx&uzr=adn&netw=netw_ysh&wo=0&zoneid=76047&clickID=*skU0hTCzCY&subid=73578&country=ES
2. Try to close that tab without having to close the whole browser

What is the expected behavior?
That tab can be closed without having to close the whole browser

What went wrong?
I had to close the whole browser.

Did this work before? N/A 

Chrome version: 55.0.2883.75  Channel: n/a
OS Version: Debian8
Flash Version:

Comment 1 by elawrence@chromium.org, Jan 12 2017

Mergedinto: 654140
Status: Duplicate (was: Unconfirmed)

This is another case of abuse of the fullscreen API which was fixed in Chrome 56;  issue 654140

Project Member

Comment 2 by sheriffbot@chromium.org, Apr 21 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 680630 link

Issue metadata

A specially crafted website is able to make the whole chrome browser unusable

Issue description

Comment 1 by elawrence@chromium.org, Jan 12 2017

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Apr 21 2017

Comment 2 Deleted

Sign in to add a comment