PoC: PEPC prompt renders outside initiator window

PEPC prompt can cover initiator window, allowing attacker to show a legitimate-looking permission prompt over other origins.

Variations:

• Chained with issue 341436934:
  • Using about:blank popup (default)
  • Using narrow popup spoof
• Standalone (best when used with lookalike domain):
  • Using about:blank popup

Click anywhere to continue to example.com