Issue metadata
Sign in to add a comment
|
Security: Force Fullscreen
Reported by
ronalddv...@gmail.com,
Jan 17 2017
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Chrome is forced to be in fullscreen. This can be used in a malicious way. For example a criminal send a link to a victim. On the page it says you must download X application otherwise you will be stuck in this screen. I think this is a very serious bug as you can take over of others chrome browser. VERSION Chrome Version: Version Version 55.0.2883.87 m (64-bit) - I think It's stable not sure. Operating System: Windows 10 PRO Fully updated REPRODUCTION CASE Click anywhere on the white page when you open the index.html after that chrome will be forced to fullscreen.
,
Jan 17 2017
The dialog box clearly shows that the user went in full screen and ESC key works to exit fullscreen. This is not a security vulnerability.
,
Jan 17 2017
Hey, I think you did not re-produce the issue correctly. I have made a video about the issue. https://www.youtube.com/watch?v=L6Xr2wfxm4c As you can see the user is forced to be in full-screen. Pressing "ESC" doesn't exit full-screen.
,
Jan 17 2017
Did you even check my index.html file? When you open the index and click anywhere on the page you're forced to be in full-screen.
,
Apr 25 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by ronalddv...@gmail.com
, Jan 17 20172.1 KB
2.1 KB View Download