Users can prevent Chrome from displaying F11 fulscreen message
Reported by
hakerh403@gmail.com,
Jan 21 2018
|
||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Steps to reproduce the problem: 1. Download this script: https://github.com/chrome-improver/chrome-improver 2. Execute it 3. Chrome will no longer display messages when someone go to fullscreen What is the expected behavior? The purpose of "Press F11 to exit full screen" message is, I suppose, to prevent malicious websites to simulate desktop or something. Chrome displays the message every time user go to fullscreen and there should not be a way to disable it, because it may result in potential security problem. What went wrong? There is a script on github which very easily removes the appearance of the message. It is impossible for a website to execute that script because it requires Node.js, but anyway, once executed, the script prevents appearance of the message. Are there any plans to improve Chrome in order to fix this exploit? Did this work before? N/A Chrome version: 63.0.3239.132 Channel: stable OS Version: 6.3 Flash Version: no flash Any other comments? no
,
Jan 23 2018
The github link is broken because the accout was removed. So here is the full repository in the archive.
,
Feb 2 2018
Tested the issue on Win-7 using chrome latest stable #64.0.3282.140 and latest canary #66.0.3336.5. Following are the steps followed to reproduce the issue. ------------ 1. Downloaded script at comment #2 2. Executed it 3. Pressed F11. 4. Observed a message "Press F11 to exit full screen" is displayed on fullscreen. reporter@ - Could you please check the steps followed and please let us know if anything missed from our side. If possible please attach a screen cast or screenshot for better understanding of issue. Thanks...!!
,
Feb 4 2018
Thank you for providing more feedback. Adding requester "krajshree@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 5 2018
Unable to test reproduce this issue on 63.0.3239.132 using Windows 7 as we are seeing error while typing block messages after running .bat file. Attaching screencast for reference. Please check the screencast and let us know if we miss anything. This would help in further triaging of the issue. Thanks!
,
Feb 5 2018
There is a readme next to the batch file containing all instructions on how to prepare environment in order to successfully run the script. Make sure that `C:\windows\system32` is present in global PATH system variable. Also, make sure that the script is run with full administrative privileges and that UAC level in control panel is set to 0.
,
Feb 5 2018
Thank you for providing more feedback. Adding requester "sc00335628@techmahindra.com" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 28 2018
There really isn't anything Chrome can do to prevent a user from modifying their Chrome install to disable functionality. The readme of this script clearly states that this is intentionally modifying permissions on files and directories that Chrome uses for thumbnails as well as directly modifying the chrome.dll binary to remove the fullscreen message code. Running random scripts with admin privileges is also generally not advised, as that gives full control over your computer. But since this script is generally upfront about what it is doing, it is hard to directly label it as "unwanted software" (UwS). Closing this as WontFix. This would be roughly the same result as a user compiling and running their own Chromium build that disables the feature. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by ajha@chromium.org
, Jan 23 2018Labels: Needs-Triage-M63