How long until a canvas is used to render the full chrome of a web browser (e.g. including the TLS padlock), showing a fake benign URL in the (fake) address bar while having the user interact with a malicious page?

▲

stanac an hour ago | parent [-]

That's why we have "youtube.com is now full screen" message.

	▲	lukan an hour ago \| parent [-]
		Yes, but this "emergency" UI of the OS could be improved I think. (Also that functionality could have been build easily with normal DOM and JS, cancel and override all events, etc)