I have installed Google Chrome at work to test it 'cause at home I use
linux. In my firm, the web access is done throw a proxy server so when
I launched Chrome, a popup was opened in the tab to ask me my login
and password for this proxy server.

But there is something that surprised me : The popup stay on the page
as f it was a DHTML popup. It can't even go over the border of the
page. It's cool but it is a big security hole 'cause it is very easy
to imitate this popup for a web developer with DHTML. Nothing in the
real popup can make me thing that it comes from the browser and not
the website.

It is a very important security hole ! Websites can use this to
retrieve my login and password.

What do you think about that ?

Franck