Possible exploit using the Install Extension dialog.
Reported by
mbu...@gmail.com,
Mar 5 2017
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Steps to reproduce the problem: 1. A website may sometimes redirect to a malicious domain which contains the exploit. What is the expected behavior? The Website will make the browser go into fullscreen mode and prompt the user to install a malicious extension, over and over again. What went wrong? The extension install can only be aborted using the abort button, but the website can't be stopped from reopening it immediately. The malicious website may also display a message trying to look like the chrome browser itself. The Extension Install dialog will also display on top of the fullscreen enabled message so users may not notice that they entered fullscreen mode. Did this work before? N/A Chrome version: 56.0.2924.87 Channel: stable OS Version: 10.0 Flash Version:
,
Mar 6 2017
mbust2@ - Thanks for filing the issue...!! Could you please provide a sample URL to test this issue. This will help us in triaging the issue further. Thanks...!!
,
Mar 6 2018
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by nyerramilli@chromium.org
, Mar 6 2017