New issue
Advanced search Search tips

Issue 838314 link

Starred by 2 users
Status: Fixed
Owner: ----
Closed: May 2018
Cc:
a...@chromium.org
csharrison@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

WebUSB dialog allows popunders

Project Member Reported by a...@chromium.org, Apr 30 2018 
As per https://bugs.chromium.org/p/chromium/issues/detail?id=836841#c3:

I noticed that WebUSB dialog also triggers activation:
Here is the PoC: https://vulnerabledoma.in/popunder/webusb.html

onkeydown=function(){
    window.open('//example.com/','_blank','a');
}

onkeypress=function(){
    navigator.usb.requestDevice({filters:[]});
    location.href="//l0.cm/h_back.html"//do history.back()
}

Comment 1 by masatoki...@gmail.com, May 1 2018 

I couldn't reproduce it on Mac. Apparently it works on only Windows.

Comment 2 by csharrison@chromium.org, May 7 2018

Labels: OS-Windows
I can also repro on Windows but not Linux.

Comment 3 by a...@chromium.org, May 15 2018 

OK, found the activation.

        views::HWNDMessageHandler::Activate (\\ui\views\win\hwnd_message_handler.cc:689)
        views::HWNDMessageHandler::ShowWindowWithState (\\ui\views\win\hwnd_message_handler.cc:645)
        views::DesktopWindowTreeHostWin::ShowWindowWithState (\\ui\views\widget\desktop_aura\desktop_window_tree_host_win.cc:204)
        views::DesktopNativeWidgetAura::ShowWithWindowState (\\ui\views\widget\desktop_aura\desktop_native_widget_aura.cc:778)
        views::Widget::Show (\\ui\views\widget\widget.cc:628)
        ChooserBubbleUi::CreateAndShow (\\chrome\browser\ui\views\permission_bubble\chooser_bubble_ui_views.cc:40)
        ChooserBubbleUi::Show (\\chrome\browser\ui\views\permission_bubble\chooser_bubble_ui.cc:206)
        BubbleController::Show (\\components\bubble\bubble_controller.cc:50)
        BubbleManager::ShowBubble (\\components\bubble\bubble_manager.cc:33)
        WebUsbChooserServiceDesktop::ShowChooser (\\chrome\browser\usb\web_usb_chooser_service_desktop.cc:36)
        WebUsbChooserService::GetPermission (\\chrome\browser\usb\web_usb_chooser_service.cc:47)
Project Member

Comment 4 by bugdroid1@chromium.org, May 17 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1ee52fd4ece305e2e435313bea7ff28ca465cb75

commit 1ee52fd4ece305e2e435313bea7ff28ca465cb75
Author: Avi Drissman <avi@chromium.org>
Date: Thu May 17 01:23:50 2018

Do not activate windows when showing chooser bubbles.

Activating windows allows popunders, and is disallowed in Chromium.
Ensure that we do not activate a window when we show a chooser
bubble.

BUG= 838314 

Change-Id: I052adb7b4bc37a439961059ab95670edcf85cd69
Reviewed-on: https://chromium-review.googlesource.com/1059451
Commit-Queue: Ben Wells <benwells@chromium.org>
Reviewed-by: Ben Wells <benwells@chromium.org>
Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559384}
[modify] https://crrev.com/1ee52fd4ece305e2e435313bea7ff28ca465cb75/chrome/browser/ui/views/permission_bubble/chooser_bubble_ui_views.cc

Comment 5 by a...@chromium.org, May 17 2018

Status: Fixed (was: Untriaged)

Comment 6 by krajshree@chromium.org, May 18 2018

Labels: TE-Verified-68.0.3434.0 TE-Verified-M68
Able to reproduce the issue on Win-10 using chrome build without fix.

Verified the fix on Win-10 using Latest chrome version #68.0.3434.0 as per the comment #0.
Attaching screen cast for reference.
Observed that windows did not get activate on showing chooser bubbles.
Hence, the fix is working as expected. 
Adding the verified labels.

Thanks...!!
838314.mp4
429 KB View Download

Sign in to add a comment