Able to reproduce the issue on the reported chrome version stable 61.0.3163.100 and on the latest canary 64.0.3243.0 on Windows10, Mac 10.12.6 and on Ububtu 14.04 with the steps mentioned in comment#0. 

As the issue is seen from M50(50.0.2634.0) considering it as non-regression and marking as untriaged. 

This PDF alone just uses JavaScript to show a dialog, which is a feature of PDF. PDFs like this are often an important piece of abusive behavior, allowing a page to activate itself while still being able to dismiss the dialog. However, this is common.

What would be interesting is the larger picture, what's happening around the PDF to make windows uncloseable. This PDF, alas, doesn't help.

When I close the alert, it doesn't pop up again. I just see a PDF saying "Copyright AdSupply 2016", and that's it. It can be closed, it doesn't pop up other windows.

Right. The PDF alone has a one-time alert. That's why we need to know the entire picture, and how the PDF is used in combination with other parts to be abusive.

I found a way to prevent this message using my extension. I blocked all requests whose mime type is pdf and I overrided `document.appendChild` (using `window.Proxy`) to reject all attempts of creating an iframe whose type is "application/pdf".

As answer to your questions, your are right, the PDF displays only one message and doesn't pop up new windows. However, another javascript (which created the iframe) creates a new frame on each page load, so it pops up every time the url is changed. The problem with opening a new window is solved by overriding `window.open` method (using extension) or by blocking pop-ups.

But, why even need for the message? What is the reason Chrome introduced this message?

"But, why even need for the message? What is the reason Chrome introduced this message?"

I don't understand your question.

This is a PDF that runs JavaScript to show a dialog. The message shown in the dialog is a message provided by the PDF.

It's as if a web page called "window.alert('hi')". A dialog saying "hi" would show up. Chrome didn't introduce the message "hi". The web page is showing the message.

Unless I'm misunderstanding your question.

What is happening here is that this PDF is calling the JavaScript window.alert() function to show an alert. The string displayed is not a Chrome string. Imagine a web page that said "onload='javascript:window.alert("yo!")'". You would see a dialog with the words "yo!" but you wouldn't say "hey, Chrome, why are you saying the string 'yo'?" Chrome is displaying the message on behalf of the webpage. Same thing here. Chrome is displaying the message "Focusing, please wait" on behalf of the PDF.

If TYL that PDFs can contain and run JavaScript, my sympathies.

Why do websites use PDFs to display seemingly nonsensical JavaScript alerts that say things like "loading"?

Alert dialogs activate the tabs showing them. If a tab shows a JavaScript alert, it is brought to the front. Now, the JavaScript window.alert() call is synchronous, so if abusers were to call window.alert() directly, they would have to wait for the user to respond. So they work around this by putting the window.alert() call into a PDF in an iframe. Then they have the PDF show the dialog, and while the PDF's JavaScript engine is stopped, the engine of the page is free to remove the iframe at any time, closing the dialog. When they do so, they use strings like "loading" or "focusing please wait" to make it seem like bad Chrome UI rather than what it is, abusive website behavior.

This is one of the many reasons why the activation of tabs via window.alert() is bad. I'm working on removing it and have a CL almost ready to go. Please feel free to follow along on  bug 747117  , or just wait for Chrome 64.

Unless you can provide more information about what's going on around the PDF iframe, I'll close this.

Thank you for explaining. You may merge this into  bug 747117  if you want, or you can close this anyway. Sorry for me not being informed enough.

Not a problem! Thank you for checking with us.