brave / brave-ios

Brave iOS Browser
https://brave.com
Mozilla Public License 2.0
1.7k stars 440 forks

Browser hijacked with rogue page trying to open link requesting to switch apps #2306

Open Craigfis opened 4 years ago

Craigfis commented 4 years ago

Description:

Some less reputable web site opened a tab in my Brave session that keeps trying to open a tel: link. Brave kindly asks for approval before opening the link. But denying the request just results in the prompt coming up again. There is no opportunity to close the tab or switch tabs. Closing Brave and reopening just results in the same tab showing and doing the same thing. Seems only fix may be to uninstall Brave and reinstall it at this point.

This thread mentions the concern about this kind of DOS: https://github.com/brave/browser-ios/pull/1478

Steps to Reproduce

I think this is the source of the rogue page: http://open-new-alert.xyz/apple/testanroid.s3-website-us-east-1.amazonaws.com/index.html

Actual result: image

Expected result: Should block subsequent requests from the page? (After n denials?)

Reproduces how often: [Easily reproduced, Intermittent Issue] Easily reproduced I believe.

Brave Version: v1.14.3

Device details: iOS 13.3.1
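
One way to implement the "block after n denials" behaviour suggested under Expected result, shown as an added example that is not Brave's code or part of the original report. The type name, method names, the default of 2 denials and the `rogue.example` origin are assumptions made for illustration.

```swift
import Foundation

/// Hypothetical per-tab gate for prompts that hand a URL to another app
/// (tel:, mailto:, ...). Illustrative only; not taken from brave-ios.
struct ExternalAppPromptGate {
    enum Decision: Equatable { case prompt, suppress }

    let maxDenials: Int                        // the "n" from the report
    private var denials: [String: Int] = [:]   // keyed by requesting page origin

    init(maxDenials: Int = 2) { self.maxDenials = maxDenials }

    /// Call before showing the "open in another app?" alert.
    /// A request caused by a real tap always prompts. Script-driven requests
    /// are dropped once the user has denied this origin `maxDenials` times,
    /// which gives the tab bar and settings back to the user.
    func decide(origin: String, userInitiated: Bool) -> Decision {
        if userInitiated { return .prompt }
        return (denials[origin] ?? 0) >= maxDenials ? .suppress : .prompt
    }

    mutating func recordDenial(origin: String) { denials[origin, default: 0] += 1 }
    mutating func recordApproval(origin: String) { denials[origin] = 0 }
}

// Constructed scenario: a page re-requests a tel: URL every time the user
// taps "Cancel", as described in this issue.
var gate = ExternalAppPromptGate(maxDenials: 2)
let origin = "http://rogue.example"            // constructed placeholder origin
for attempt in 1...5 {
    let decision = gate.decide(origin: origin, userInitiated: false)
    print("attempt \(attempt): \(decision)")
    if decision == .prompt { gate.recordDenial(origin: origin) }  // user denies
}

// A later tap on a genuine tel: link from the same origin still prompts.
print("user tap: \(gate.decide(origin: origin, userInitiated: true))")
```

Because the report says the tab is restored and loops again after relaunch, an in-memory counter like this one would allow up to `maxDenials` prompts per launch before the UI becomes usable; persisting the count with the restored tab would avoid that.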

Craigfis commented 4 years ago

Also, that page on macOS Brave shows me the malware warning page, but not on iOS.

jhreis commented 4 years ago

@Craigfis this is nasty. Thanks for sharing. Can you try long-pressing the Brave home icon and selecting "New Private Tab"? You can then go into settings and "Clear Private Data"; if you clear any of those options, it should dump all of your normal tabs.

Obviously, this is a "hack", and we will get this addressed. Makes me think we should also provide a launch option "Clear Tabs" or something.


Safe Browsing on iOS is still WIP (https://github.com/brave/brave-ios/pull/1339), but this would flag the website similar to how desktop behaves.

Craigfis commented 4 years ago

Ahh, great, yes that trick allowed me to kill off the tab. Thanks.

skallshian commented 2 years ago

I’m having this same problem and it has made Brave unusable for me. Some telephone number is trying to open an external app and it has hijacked the entire browser with infinite buggy requests. I’ve attached a video of what happens the moment I open the browser on iPhone. There’s no way for me to select anything like a new tab or options, and long pressing the home icon to open a new private tab doesn’t do anything either. It immediately opens and starts looping this non-stop. Infuriating that I can’t find any help for this issue online.

Uploading FullSizeRender.mov…