Malicious Page can prevent itself from being closed
Reported by
pad...@gmail.com,
Mar 26 2017
|
||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Steps to reproduce the problem: 1. Visit http://qqwueu21841.ru/krenschit/de/index.php?Repair 2. Try to close all dialogs popping up 3. Try to press Ctrl-W or click the tab's X to close the Page What is the expected behavior? All interactions with the alert box are isolated from the page, so that I can suppress further alerts. What went wrong? The Site is able to prevent me from closing all its alerts (by prompting an extension installation) Did this work before? N/A Chrome version: 56.0.2924.87 Channel: n/a OS Version: 10.0 Flash Version: Shockwave Flash 25.0 r0 Alt-F4 was able to close the entire browser window
,
Mar 27 2017
,
Mar 28 2017
unable to open the provided url in comment#0.Getting 404 error. padixt@ could you please provide other url to triage the issue from TE end. Thanks..
,
Mar 31 2017
Thank you for providing more feedback. Adding requester "sureshkumari@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 6 2017
Unable to reproduce the issue on Windows 10,Mac 10.12.4 & Ubuntu 14.04 using chrome stable-57.0.2987.133 ,Canary-59.0.3063.4 & reported version-56.0.2924.87 as per html file attached in comment#4. Able to close the popup by clciking on 'ok' button , clicking on 'x' button on popups & tabs. Please find the attached screencast for reference & let us know if we miss anything to reproduce the issue from TE end. Thank you!
,
Apr 7 2017
Never mind. Mechanics are working correctly. The page opens a copy of itself if the image (which looked like a screenshot of an alert box) is clicked. It also opened a copy if CTRL was pressed (e.g. to close the page via CTRL-W). I cannot get it to reproduce this behavior now. I also cannot get it to prompt for the addon installation, but this may be because the addon has been removed from the store. It comes down to users being able to distinguish real alert boxes from screenshots. Unaware users may see no other option to leave the site other than installing the (probably malicious) addon. If a user cannot tell For reproduction, assume the image was a screenshot of the alert box the page shows. The only difference between the real box and the copy is an offset of maybe 5px. Clicking on OK or X of the image opens a copy. The referenced voice file was a voice that told you to install the addon in order to leave this site/circle.
,
Apr 7 2017
Thank you for providing more feedback. Adding requester "jmukthavaram@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 10 2017
padixt@ as per comment #8, can we close this issue??? Thank You...
,
Apr 11 2017
,
Apr 11 2017
It comes down to users being able to distinguish real alert boxes from screenshots. Unaware users may see no other option to leave the site other than installing the (probably malicious) addon. Whether or not you consider this a bug is up to you
,
Apr 11 2017
Thank you for providing more feedback. Adding requester "kkaluri@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 12 2017
Closing this issue, as reporter faced this issue which is caused by extension |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by pad...@gmail.com
, Mar 26 2017