From c6b912e6243e227a3b33249220d626beaa155d7b Mon Sep 17 00:00:00 2001 From: Keren Zhu Date: Thu, 29 Jun 2023 03:45:31 +0000 Subject: [PATCH] [Backport] CVE-2023-4365: Inappropriate implementation in Fullscreen. Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4508964: Use top-level widget for fullscreen notification On Windows, a topmost child window will be placed behind other topmost windows when its parent gains focus. This is undesired for the fullscreen notification, a security-related window, which was being occluded by the PiP window under certain circumstances. Fix this by showing fullscreen notification in a top-level widget. Bug: 1431043, 1459121 Change-Id: I7c2823ccd0485acd65da39ed066675bd06486795 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4508964 Reviewed-by: Peter Kasting Commit-Queue: Keren Zhu Cr-Commit-Position: refs/heads/main@{#1163941} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/499077 Reviewed-by: Allan Sandfeld Jensen --- .../fullscreen_control/subtle_notification_view.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/chromium/components/fullscreen_control/subtle_notification_view.cc b/chromium/components/fullscreen_control/subtle_notification_view.cc index 1d12f5d076cb..32604d49b928 100644 --- a/chromium/components/fullscreen_control/subtle_notification_view.cc +++ b/chromium/components/fullscreen_control/subtle_notification_view.cc @@ -225,10 +225,16 @@ views::Widget* SubtleNotificationView::CreatePopupWidget( // Initialize the popup. views::Widget* popup = new views::Widget; views::Widget::InitParams params(views::Widget::InitParams::TYPE_POPUP); +#if !BUILDFLAG(IS_WIN) + // On Windows, this widget isn't parented on purpose to avoid it being + // obscured by other topmost widgets. See crbug.com/1431043. + // TODO(crbug.com/1459121): Aura should respect the fine-grained levels of + // topmost windows defined in ZOrderLevel. + params.parent = parent_view; +#endif params.opacity = views::Widget::InitParams::WindowOpacity::kTranslucent; params.ownership = views::Widget::InitParams::WIDGET_OWNS_NATIVE_WIDGET; params.z_order = ui::ZOrderLevel::kSecuritySurface; - params.parent = parent_view; params.accept_events = false; popup->Init(std::move(params)); popup->SetContentsView(std::move(view));