
Issue 875260

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Oct 2
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 2
Type: Bug




Pop-up blocker string in Portuguese can lead to confusion about whether URL refers to pop up, or page that triggered it (Was: Hijacking Clicks)

Reported by adri...@brztec.com, Aug 17

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Steps to reproduce the problem:
Hi team. I found a way to hijack clicks, tricking users into clicking on trusted URLs but opening other destinations.

1. Open the attached PoC.
2. Mouse over the link and you see https://www.google.com, showing that it is the correct link.
3. Click on the link and a new tab will be opened with https://www.marvel.com.
4. Click on the parent tab and click on the pop-up blocker icon and you will see https://www.google.com has been blocked.

*** PoC Code ***

<a id="link1" name="link1" href="https://www.google.com"  onclick="onMouseClick()" target="_blank">www.google.com</a>

<script>
function onMouseClick(){
	var newdestiny = window.open("about:blank", "link1");
	newdestiny.document.write('<script>document.location.href="https://www.marvel.com";</' + 'script>');
	setTimeout(function(){ 
		//newdestiny.close();
	}, 1000);
}
</script>

What is the expected behavior?
The window opened from window.open() should be blocked and not the destination from the href attribute.

What went wrong?
Apparently Chrome is confused about which destination should be blocked.

Did this work before? N/A 

Chrome version: 63.0.3239.132  Channel: n/a
OS Version: 10.0
Flash Version:
 
Attachments:
Google_Chrome_Pop-up_config.JPG (46.7 KB)
PoC.JPG (95.1 KB)
PoC_results.JPG (108 KB)
poc_clickjacking.html (391 bytes)
Cc: chromelocalization@google.com
Components: UI>Localization UI>Browser>PopupBlocker
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam OS-Android OS-Chrome OS-Fuchsia OS-Linux OS-Mac Type-Bug
Summary: Pop-up blocker string in Portuguese can lead to confusion about whether URL refers to pop up, or page that triggered it (Was: Hijacking Clicks) (was: Hijacking Clicks)
Regarding the Status Bubble, it is not a security surface, so the fact that that URL is spoofed is not considered a bug in this case (see https://www.chromium.org/user-experience/status-bubble). 

Regarding the pop-ups blocked notification, it looks like that is working correctly too: the highlighted part is the URL of the site that would have been shown in the popup, which is correctly set to google.com in this case, and the page that triggered the popup is shown below in the "Always allow pop-ups from http://localhost", which is also correct.

However, it seems this might be a localization issue, in the English version, the text shows as "Pop-ups blocked: <list of pop up URLS>", while in Portuguese it is shown as "Os seguintes pop-ups foram bloqueados nesta pagina: <list of pop up URLS>" which translates to "The following pop-ups have been blocked in this page: <list of pop up URLS>", so I can understand that can be confusing, particularly when only one URL is shown, it looks like the blocked URL refers to the site that triggered the popup. Adding the localization component (and renaming the issue) regarding the confusing string.
Owner: jdignos@chromium.org
Status: Assigned (was: Unconfirmed)
Routing to jdignos@chromium.org

Hi! I made more tests and the strange behavior occurs only in some JavaScript events. For example, when the event is onmousedown the href value isn't related in the pop-up blocker, but if the event is onmouseup or onclick it will be related in the pop-up blocker. In onwheel or onmousemove the href isn't related but all pop-ups will be blocked.

<a id="link5" name="link5" href="https://twitter.com"  onmousedown="onMouseClick2();" target="_blank">twitter.com</a>
<script>
function onMouseClick2(){ var popup3 = window.open('https://www.marvel.com', '_blank'); popup1 = window.open('https://www.dccomics.com', '_blank'); }
</script>


Attachment: more_tests.JPG (24.7 KB)
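The thread's point that the hover text shows the `href` while an inline handler decides what actually opens can be checked statically when reviewing markup. The following is an added example, not code from the report or from Chromium; `auditLinks`, `attr` and `functionBody` are hypothetical helper names, and `SAMPLE` is constructed from the PoC snippets quoted above plus one benign link.

```javascript
// SAMPLE is constructed from the snippets quoted in this thread; helper names are assumptions.
const SAMPLE = `
<a id="link1" href="https://www.google.com" onclick="onMouseClick()" target="_blank">www.google.com</a>
<a id="link5" href="https://twitter.com" onmousedown="onMouseClick2();" target="_blank">twitter.com</a>
<a id="ok" href="https://example.org/docs" target="_blank">docs</a>
<script>
function onMouseClick(){ var w = window.open("about:blank", "link1"); }
function onMouseClick2(){ window.open('https://www.marvel.com', '_blank'); }
</script>`;
const HANDLERS = ["onclick", "onmousedown", "onmouseup"];

// Read one quoted attribute value from an opening tag, or null if absent.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, "i").exec(tag);
  return m ? (m[1] ?? m[2]) : null;
}

// Return the `{ ... }` body of a named function declaration, by brace matching.
function functionBody(html, name) {
  const safe = name.replace(/\$/g, "\\$&");
  const start = html.search(new RegExp(`function\\s+${safe}\\s*\\(`));
  if (start < 0) return "";
  let depth = 0;
  const open = html.indexOf("{", start);
  for (let j = open; j < html.length; j++) {
    if (html[j] === "{") depth++;
    else if (html[j] === "}" && --depth === 0) return html.slice(open, j + 1);
  }
  return "";
}

// Flag anchors whose inline mouse handler opens a window at a URL other than the href.
function auditLinks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const href = attr(tag, "href");
    if (!href) continue;
    for (const ev of HANDLERS) {
      const code = attr(tag, ev);
      if (!code) continue;
      const called = [...code.matchAll(/([A-Za-z_$][\w$]*)\s*\(/g)].map(m => functionBody(html, m[1]));
      const js = [code, ...called].join("\n");
      const opened = [...js.matchAll(/window\.open\(\s*["']([^"']*)["']/g)].map(m => m[1]);
      const other = opened.filter(u => u !== href);
      if (other.length) findings.push({ id: attr(tag, "id"), event: ev, href, opened: other });
    }
  }
  return findings;
}
console.log(auditLinks(SAMPLE));
```

An `about:blank` result, as for `link1`, means the real destination is written into the new window at runtime, so the finding needs manual review rather than a URL comparison.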
Cc: jdignos@chromium.org
Owner: melliem@google.com
Hi Mellie,

Need your help on this bug.

Thanks!
Owner: robliao@chromium.org
Hi, this is a bit confusing for our localization team. Would you be able to help us identify where exactly the translation issue is coming from so we can more easily identify it in TC? Thanks a lot!
Owner: melliem@google.com
https://bugs.chromium.org/p/chromium/issues/detail?id=875260#c1 (Comment 1) suggests the localization issue:

However, it seems this might be a localization issue, in the English version, the text shows as "Pop-ups blocked: <list of pop up URLS>", while in Portuguese it is shown as "Os seguintes pop-ups foram bloqueados nesta pagina: <list of pop up URLS>" which translates to "The following pop-ups have been blocked in this page: <list of pop up URLS>", so I can understand that can be confusing, particularly when only one URL is shown, it looks like the blocked URL refers to the site that triggered the popup. Adding the localization component (and renaming the issue) regarding the confusing string.

Cc: carlosil@chromium.org
Looking in the translation console, 6815484526221703469 for Chrome seems to be the corresponding message (no link due to this being a public bug). I do not see the corresponding Portuguese translation identified by #1.

CC'ing carlosil@chromium.org for further clarification.
That's strange, I also checked https://cs.chromium.org/chromium/src/chrome/app/resources/generated_resources_pt-BR.xtb and https://cs.chromium.org/chromium/src/chrome/app/resources/generated_resources_pt-PT.xtb and I can't see the string that shows up in the picture, but 'Pop-ups bloqueados' which lines up with the English string, I wonder if this was changed in a version newer than what the original reporter was using. If so, this is probably a wontfix.
Owner: jdignos@chromium.org
Hey Joshua, could you have a look at TC now that we have more details?
Status: WontFix (was: Assigned)
