Chromevox enables restricted fullscreen mode to be compromised |
||||||||||||||
Issue descriptionChrome Version: 10176.34.0 OS: M64.0.3282.65 beta caroline What steps will reproduce the problem? (1) When the screen is in locked full-screen mode, enable Chromevox. (2) Close Chromevox bar by clicking on the [x] on the top right of the screen. The bar disappears but leaves behind a gap space where it was. (3) Right-click on the gap space and select "Set Wallpaper". This reveals the portion of the desktop. (4) Click on any URL link in the page. Now the Chrome browser is displayed with the tab and URL input box and allows user to add a new tab and browse to somewhere else. What is the expected result? When Chromevox is closed, the window below it should be maximized to block the layer underneath. What happens instead? Closing Chromevox leaves behind a gap in the blocking layer and reveals the layer underneath thus allows exploits to area not intended. Please use labels and text to provide additional information. For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report.
,
Jan 16 2018
Ivan, I think restricted fullscreen would be in your area?
,
Jan 17 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f55052319625a452a9aaa1fd3c4091ca074d2290 commit f55052319625a452a9aaa1fd3c4091ca074d2290 Author: Ivan Sandrk <isandrk@google.com> Date: Wed Jan 17 18:17:07 2018 Fix a bug where Chromevox would appear on top of locked fullscreen window when it shouldn't The following code in ChromeVoxPanel::UpdateWidgetBounds would do a check on whether the current window is fullscreen (and would fail to detect pinned mode): // If we're in full-screen mode, give the panel a height of 0 unless // it's active. if (ash::RootWindowController::ForWindow(GetRootWindow()) ->GetWindowForFullscreenMode() && !widget_->IsActive()) { bounds.set_height(0); } Bug: chromium:800064 Change-Id: I238b9091fd06ae1402cd8113f685e682fa8a2896 Reviewed-on: https://chromium-review.googlesource.com/868158 Commit-Queue: Ivan Ĺ andrk <isandrk@chromium.org> Reviewed-by: Mitsuru Oshima <oshima@chromium.org> Cr-Commit-Position: refs/heads/master@{#529809} [modify] https://crrev.com/f55052319625a452a9aaa1fd3c4091ca074d2290/ash/BUILD.gn [modify] https://crrev.com/f55052319625a452a9aaa1fd3c4091ca074d2290/ash/wm/fullscreen_window_finder.cc [add] https://crrev.com/f55052319625a452a9aaa1fd3c4091ca074d2290/ash/wm/fullscreen_window_finder_unittest.cc
,
Jan 17 2018
,
Jan 17 2018
Hiya Kevin, requesting to merge this to M64. It's a simple one line fix, unit tests are included. Thanks.
,
Jan 17 2018
,
Jan 17 2018
This bug requires manual review: We are only 5 days from stable. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 18 2018
We decided to drop this from M64, removing the corresponding labels.
,
Jan 18 2018
,
Jan 19 2018
,
Jan 19 2018
,
Jan 19 2018
,
Jan 20 2018
jingwee@ does this also work in Kiosk Mode today?
,
Jan 23 2018
,
Jan 25 2018
As verified in M65.0.3325.9 10323.1.0 dev candy, I could no longer break out of the locked screen mode via or around Chromevox enabled or disabled.
,
Feb 5 2018
,
Feb 9 2018
|
||||||||||||||
►
Sign in to add a comment |
||||||||||||||
Comment 1 by jingwee@chromium.org
, Jan 13 2018