
Issue 725562

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security




[Security / UI] Malicious advertisements are able to workaround the "Prevent this page from creating additional dialogs".

Reported by labobol...@gmail.com, May 23 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1a. Go to a linkshrink dot net URL and click the continue button.
1b. OR go directly to http : //aa38242ui dot ru/bockerter/en/index.php#nt
2. Now try and prevent the site from creating additional dialogs.
3. Realize Firefox has a better extension API to deal with this.
4. Make Chrome better, as has been requested for years!

What is the expected behavior?
Checking "Prevent this page from creating additional dialogs" should do what it says.

What went wrong?
"Prevent this page from creating additional dialogs" did nothing!

Did this work before? No 

Chrome version: 58.0.3029.110  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

If you're going to treat users as stupid, going so far as to remove any ability for the users to do so manually THEN DO A BETTER JOB BEING SMART for crying out loud!

Ads yet again exploit chrome's poor protections and lacking extension api making it impossible to write security extensions like noscript.
Ads basically love chrome because there's no real protection from malicious actions.

That site also wants you to install this extension from a so called "trusted" site: https : //chrome.google dot com/webstore/detail/mineralka/cegoaefheiaoekoljooodfiebkifncdi

Please do tell me more bullshit about how the idea of chrome web store and its hard-whitelisting in chrome is a good thing. Go on, I dare you.
 
Attachments: Chrome is ad friendly 1.png (44.3 KB), Chrome is ad friendly 2.png (49.0 KB)

Comment 1 by a...@chromium.org, May 23 2017

Cc: a...@chromium.org
Status: WontFix (was: Unconfirmed)
CWS item reported in http://b/62031477.

The "Prevent this page from creating additional dialogs" is no more. You can now just close the tab.

Yes, beforeunload dialogs are still modal. That's being worked on.

The rest seems like a rant, so that's all I have to say.

Comment 2 by a...@chromium.org, May 23 2017

Cc: ackermanb@chromium.org
Can you give me the external link to this, I assume, internal URL http://b/62031477?
Number isn't a crbug number says crbug.

> Yes, beforeunload dialogs are still modal. That's being worked on.

What's the time-frame on that? You have bugs several years old and still working on them.

> The rest seems like a rant, so that's all I have to say.

The good old calling feedback a rant to discredit it. Good one, not original at all.
Consider I took time to file this. Take the rant-likeness as a sign I'm very frustrated with the lack of progress in those areas. It's understandable. I've been on the other end a few times myself but I've never called it a rant because I know better. That said, I even listen to rants; many have good feedback. Not everyone has a silver tongue, of course.
One should never dismiss feedback as a rant, big no-no. If you care about the software and the users.

Care to respond constructively on it instead or at least take the feedback seriously?

Better extension API, more settings for advanced users that know better than the Chrome team, etc.
People have asked before but you refuse to say anything.
- For example, enabling third parties to write a security extension like noscript in Firefox.
- Ability to control redirect tags and such.
- Allow extensions to look at and edit any scripts before they execute.
- Finally implement control over inline scripts (another thing malicious ads exploit).
- Be able to have blocking extensions so security extensions don't get bypassed if too slow (major issue when it comes to security).

Would improve security a lot.


Comment 4 by sheriffbot@chromium.org, Aug 30 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
