Re: Advisory: Google Chrome Window Object Suppressing Remote Denial of Service.
This issue, as reported to us by Aditya, is being tracked at
http://code.google.com/p/chromium/issues/detail?id=2877. We would like to note
that we discovered the outlined behavior several weeks ago internally, and
publicly reported it to Webkit: https://bugs.webkit.org/show_bug.cgi?id=20661
While this is a low-priority bug, we do not believe it constitutes a security
threat. The vector merely permits windows to be gracefully closed, rather than
"killed", and applies only to windows that the malicious page could already
script (that is, not an arbitrary third-party window). There is no risk of
stealing user data, or any sort of remote code execution