Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Aug 27
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug-Security




Issue 812769: Security: Cast UI hides Full-screen warning

Reported by chromium...@gmail.com, Feb 15 2018

Issue description

VERSION
Chrome Version: 66.0.3348.0 
Operating System: Mac

REPRODUCTION CASE
Presentation API can show up over the fullscreen notification on (Unable to repro on Windows).

1. Set up a local webserver to host testcase.html
2. Click on 'click here please'
3. Observe
 
Attachments:
- Screen Shot 2018-02-15 at 20.34.00.png (165 KB)
- testcase.html (3.7 KB)

Comment 1 by elawrence@chromium.org, Feb 15 2018

Issue 812770 has been merged into this issue.

Comment 2 by elawrence@chromium.org, Feb 15 2018

Components: Internals>Cast>UI Blink>Fullscreen
Labels: OS-Mac
Summary: Security: Cast UI hides Full-screen warning (was: Security: Addressbar spoofing with using Presentation API)
This is yet another case where there's a spoof against the already-subtle "By the way, you're in full-screen now whether you like it or not" notice.

Comment 3 by e...@chromium.org, Feb 15 2018

Components: -Blink>Fullscreen

Comment 4 by och...@chromium.org, Feb 15 2018

Labels: Security_Severity-Low Security_Impact-Stable
Owner: mfo...@chromium.org
Status: Assigned (was: Unconfirmed)
mfoltz: could you please help take a look at this, or help get this assigned to the right person?

Comment 5 by mfo...@chromium.org, Feb 15 2018

Cc: mfo...@chromium.org
Components: UI>Browser
Owner: tapted@chromium.org
I can't repro this on Linux.  It seems like a Mac browser UI issue - does it show the fullscreen notification in a different way?  Trent what do you think?

Comment 6 by chromium...@gmail.com, Feb 15 2018

re C#5 - Cast UI overlays the fullscreen notification (this is similar to bug 752003).

Comment 7 by och...@chromium.org, Feb 15 2018

Cc: a...@chromium.org
+avi who owns a similar macOS-only bug (bug 812060).

Comment 8 by a...@chromium.org, Feb 15 2018

I solved this with JS dialogs and popups by dropping fullscreen in those cases. Do we want to make that a more general policy for all dialogs?

Comment 9 by sheriffbot@chromium.org, Feb 16 2018

Project Member
Labels: Pri-2

Comment 10 by mfo...@chromium.org, Feb 16 2018

johnpallett@ may have some feedback about dropping out of fullscreen when activating the Media Router dialog.  It's a common use case to cast fullscreen video.

Is there a way we can tell when the notification is showing so we can drop out of fullscreen selectively?

Comment 11 by a...@chromium.org, Feb 16 2018

There's no easy way of knowing if the notification is showing, plus that means uncertainty for the author of the page as to why showing the media router dialog sometimes kicks you out of fullscreen but sometimes it doesn't.

If you do that, do it all the time.

Comment 12 by tapted@chromium.org, Feb 19 2018

Cc: mgiuca@chromium.org
Status: Started (was: Assigned)
I hit some dead-ends playing around with window levels and key-value observers. But I found a thing that seems to help: https://chromium-review.googlesource.com/c/chromium/src/+/923227

Comment 13 Deleted

Comment 14 Deleted

Comment 15 by tapted@chromium.org, Mar 6 2018

I've merged Issue 813815 and Issue 817809 into this. Issue 812060 is something different - it doesn't actually show a fullscreen notification so there's nothing to obscure.

Comment 16 by tapted@chromium.org, Jul 24 2018

Cc: tapted@chromium.org
Owner: a...@chromium.org
Status: Assigned (was: Started)
per https://chromium-review.googlesource.com/c/chromium/src/+/923227#message-79972ff4162f078a3e21572af8e972292e9363b3 I think avi's looking at a cross-platform answer for this.

Comment 17 by kenrb@chromium.org, Aug 7

Cc: kenrb@chromium.org
Issue 871021 has been merged into this issue.

Comment 19 by a...@chromium.org, Aug 27

Status: Fixed (was: Assigned)

Comment 20 by sheriffbot@chromium.org, Aug 28

Project Member
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 21 by awhalley@chromium.org, Sep 5

Labels: reward-topanel

Comment 22 by awhalley@chromium.org, Sep 11

Labels: -reward-topanel reward-unpaid reward-500
*** Boilerplate reminders! ***
Please do NOT publicly disclose details until a fix has been released to all our users. Early public disclosure may cancel the provisional reward. Also, please be considerate about disclosure when the bug affects a core library that may be used by other products. Please do NOT share this information with third parties who are not directly involved in fixing the bug. Doing so may cancel the provisional reward. Please be honest if you have already disclosed anything publicly or to third parties. Lastly, we understand that some of you are not interested in money. We offer the option to donate your reward to an eligible charity. If you prefer this option, let us know and we will also match your donation - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing.
*********************************

Comment 23 by awhalley@google.com, Sep 11

The VRP panel decided to award $500 for this report, thanks as ever!

Comment 24 by awhalley@chromium.org, Sep 11

Labels: -reward-unpaid reward-inprocess

Comment 25 by bugdroid1@chromium.org, Sep 19

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1c8c2146c2f99fb7eefb79b170e60f53700f7ab8

commit 1c8c2146c2f99fb7eefb79b170e60f53700f7ab8
Author: Yuri Wiitala <miu@chromium.org>
Date: Wed Sep 19 19:47:42 2018

Dialogs don't drop tab fullscreen when in FullscreenWithinTab mode.

Overrides the default behavior of dropping fullscreen when a tab modal
dialog is opened in the FullscreenWithinTab case. This is because, in
FWT mode, the browser window is in its normal layout (not fullscreened).

Bug: 883535, 812769
Change-Id: I1c262954b962d508eb86ef9a8a312bec03ab2332
Reviewed-on: https://chromium-review.googlesource.com/1228976
Commit-Queue: Yuri Wiitala <miu@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#592522}
[modify] https://crrev.com/1c8c2146c2f99fb7eefb79b170e60f53700f7ab8/chrome/browser/ui/browser.cc
[modify] https://crrev.com/1c8c2146c2f99fb7eefb79b170e60f53700f7ab8/chrome/browser/ui/browser_browsertest.cc
[modify] https://crrev.com/1c8c2146c2f99fb7eefb79b170e60f53700f7ab8/chrome/browser/ui/exclusive_access/fullscreen_controller.h

Comment 26 by bugdroid1@chromium.org, Sep 21

Project Member
Labels: merge-merged-3538
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a438e211d0aa6f12eee274b22c4daef442a28eac

commit a438e211d0aa6f12eee274b22c4daef442a28eac
Author: Yuri Wiitala <miu@chromium.org>
Date: Fri Sep 21 20:35:42 2018

Dialogs don't drop tab fullscreen when in FullscreenWithinTab mode.

Overrides the default behavior of dropping fullscreen when a tab modal
dialog is opened in the FullscreenWithinTab case. This is because, in
FWT mode, the browser window is in its normal layout (not fullscreened).

Bug: 883535, 812769
Change-Id: I1c262954b962d508eb86ef9a8a312bec03ab2332
Reviewed-on: https://chromium-review.googlesource.com/1228976
Commit-Queue: Yuri Wiitala <miu@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#592522}
(cherry picked from commit 1c8c2146c2f99fb7eefb79b170e60f53700f7ab8)
Reviewed-on: https://chromium-review.googlesource.com/1239346
Reviewed-by: Yuri Wiitala <miu@chromium.org>
Cr-Commit-Position: refs/branch-heads/3538@{#565}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
[modify] https://crrev.com/a438e211d0aa6f12eee274b22c4daef442a28eac/chrome/browser/ui/browser.cc
[modify] https://crrev.com/a438e211d0aa6f12eee274b22c4daef442a28eac/chrome/browser/ui/browser_browsertest.cc
[modify] https://crrev.com/a438e211d0aa6f12eee274b22c4daef442a28eac/chrome/browser/ui/exclusive_access/fullscreen_controller.h

Comment 27 by awhalley@google.com, Oct 15

Labels: Release-0-M70

Comment 28 by awhalley@chromium.org, Oct 16

Labels: CVE-2018-17476 CVE_description-missing

Comment 29 by awhalley@chromium.org, Nov 12

Labels: -CVE_description-missing CVE_description-submitted

Comment 30 by sheriffbot@chromium.org, Dec 4

Project Member
Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
