Security: Infinite Pop-Up Redirect Methodology
Reported by
thisisan...@gmail.com,
Aug 18 2017
Issue description

Hello, this is behavior witnessed by several different "infinite popups" often portraying security alerts trying to trick users into calling a number for support.

VULNERABILITY DETAILS
Check the URI in the screenshot_redline.png file and it will become obvious how this redirection functions. I have witnessed this in several campaigns.

VERSION
Chrome Version: Latest
Operating System: Win10

REPRODUCTION CASE
I assume you could reproduce this by simply going to the URI in question - screenshot.png

CLIFF NOTES: It seems to me it would be trivial to detect/prevent this type of redirection based on a) time and/or b) integer incrementing at the end of the URI as seen in screenshot_redline.png.

Thanks!
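
The heuristic from the cliff notes above (timing plus an integer incrementing at the end of the URI), as an added example that is not part of the original report and not Chromium's fix. The event shape, thresholds and sample URLs are constructed assumptions, since the actual URI appears only in the screenshot.

```javascript
// Added example: flag navigation bursts in one tab whose URLs differ only by
// a trailing integer that goes up by one on each hop.
const MAX_GAP_MS = 2000; // assumed: longest pause between hops of one loop
const MIN_RUN = 3;       // assumed: consecutive hops needed before flagging

// Split a URL into its stem and trailing integer; null when it has none.
function splitCounter(url) {
  const m = /^(.*?)(\d+)$/.exec(url);
  return m ? { stem: m[1], n: BigInt(m[2]) } : null; // BigInt: no precision loss
}

// events: [{ t: epoch milliseconds, url }] in time order (hypothetical shape).
function findIncrementingRedirects(events) {
  const runs = [];
  let run = [];
  const flush = () => {
    if (run.length >= MIN_RUN) runs.push(run);
    run = [];
  };
  for (const ev of events) {
    const cur = splitCounter(ev.url);
    const prev = run.length ? run[run.length - 1] : null;
    const continues = cur !== null && prev !== null &&
      cur.stem === prev.stem &&        // same URI apart from the counter
      cur.n === prev.n + 1n &&         // (b) integer incrementing
      ev.t - prev.t <= MAX_GAP_MS;     // (a) time
    if (!continues) flush();
    if (cur) run.push({ t: ev.t, stem: cur.stem, n: cur.n });
  }
  flush();
  return runs.map((r) => ({
    stem: r[0].stem,
    first: String(r[0].n),
    last: String(r[r.length - 1].n),
    hops: r.length,
    durationMs: r[r.length - 1].t - r[0].t,
  }));
}

// Constructed sample: a fast redirect loop, then human-paced pagination.
const SAMPLE = [
  { t: 0, url: "https://alert.example/support.html?x=1" },
  { t: 400, url: "https://alert.example/support.html?x=2" },
  { t: 800, url: "https://alert.example/support.html?x=3" },
  { t: 1200, url: "https://alert.example/support.html?x=4" },
  { t: 60000, url: "https://shop.example/catalog?page=1" },
  { t: 95000, url: "https://shop.example/catalog?page=2" },
  { t: 130000, url: "https://shop.example/about" },
];
console.log(findIncrementingRedirects(SAMPLE));
```

Requiring both conditions keeps ordinary pagination (incrementing but slow) from being flagged.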
Aug 21 2017
It seems like it's not nearly obvious enough that the tab can be closed even if a popup is open. =/
Aug 21 2017
Sigh. If UX would give me such a UI, I would take it. Protest in front of their building.
Aug 25 2017
This will be prevented by the solution in 394296.
Dec 2 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Aug 18 2017