URL's able to hijack the browser using fullscreen
Reported by
not...@gmail.com,
Apr 27 2017
|
|||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Steps to reproduce the problem: 1. I'm not sure if i should post the hijjacking link directly, so i've pasted it on pastebin(be careful): https://pastebin.com/f4645ZYQ What is the expected behavior? Being able to prevent further dialogs. What went wrong? The page keeps automatically going out and in fullscreen preventing the user from closing the tab and the extension add message and is also preventing users from reliably disabling dialog messages due to spamming extension add. Did this work before? N/A Chrome version: 58.0.3029.81 Channel: stable OS Version: 10.0 Flash Version:
,
Apr 28 2017
Unable to reproduce the issue on windows 7 using chrome version 58.0.3029.81. Opened the URL provided in pastebin got the message as Deceptive site ahead. Could you please find the attached screen cast and provide us the screen cast of the issue for better understanding the issue. Thanks,
,
Apr 28 2017
Hmm, it must've been added to google's safe browsing(and the web server is actually gone too). I should've recorded what happened. For now it seems i cannot reproduce it anymore at the moment.
,
Apr 28 2017
Thank you for providing more feedback. Adding requester "kavvaru@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 28 2017
Basically what it did was keep spamming dialog boxes, and when you wanted to click "Prevent this page from creating any more dialog boxes" it popped in the "Add Extension" window while going in and out of fullscreen automatically(without consent), and that in the same loop over and over again. Not even Alt+F4 worked because it popped in the "Do you want to leave this site" window, which was being overridden by the forced add extension window every time i wanted to confirm.
,
May 2 2017
notcyf@: Did the extension install prompt show up when the page went fullscreen? That should be fixed with the follow up work to bug 488143 . I don't think there is any omnibox bug here, the "Dangerous" prompt is displayed because the site is caught by SafeBrowsing.
,
May 9 2017
@notcyf-- Could you please respond to comment #8 and update the thread with your observations. Thanks!
,
Jun 29 2017
notcyf@, are you still seeing this issue? And did the extension install prompt show up when the page went fullscreen?
,
Jun 30 2017
I've seen the issue again in several forms that I had to be agile to be able to click the tab away. I haven't been able to record any of it because they disguise themselves as ads.
,
Jun 30 2017
Thank you for providing more feedback. Adding requester "hdodda@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 2
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by nyerramilli@google.com
, Apr 28 2017