Chromium Code Reviews

Issue 2354623002: Block top-level navigations to nested URLs with extension origins from non-extension processes. (Closed)

Created:
4 years, 3 months ago by alexmos
Modified:
4 years, 3 months ago
Reviewers:
CC:
chromium-reviews
Target Ref:
refs/pending/branch-heads/2840
Project:
chromium
Visibility:
Public.

Description

Block top-level navigations to nested URLs with extension origins from non-extension processes.

Before this CL, it was possible for a web iframe with an unblessed extension frame to exploit the renderer, create a blob: or filesystem: URL in the extension frame context, then create a new top-level window and navigate it to that URL, which could end up putting the new window into a privileged extension process running attacker's code.

BUG=645028

Review-Url: https://codereview.chromium.org/2345473003
Cr-Commit-Position: refs/heads/master@{#419019}
(cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)

Committed: https://chromium.googlesource.com/chromium/src/+/4bd1a6aec18520db3b7e2859c70b096943bf310e
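A sketch of the policy the description above states, added here as an illustration; it is not the code from chrome_extensions_network_delegate.cc. The function names, the `NavigationRequest` struct and the sample URLs (with a constructed extension ID) are assumptions made for this example.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Lowercased scheme of |url| (the text before the first ':'), or "" if none.
std::string SchemeOf(const std::string& url) {
  const std::size_t colon = url.find(':');
  if (colon == std::string::npos) return "";
  std::string scheme = url.substr(0, colon);
  for (char& c : scheme)
    c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
  return scheme;
}

// True for blob: and filesystem: URLs whose nested (inner) URL uses the
// chrome-extension: scheme, i.e. the nested origin is an extension origin.
bool HasNestedExtensionOrigin(const std::string& url) {
  const std::string outer = SchemeOf(url);
  if (outer != "blob" && outer != "filesystem") return false;
  const std::string inner = url.substr(outer.size() + 1);
  return SchemeOf(inner) == "chrome-extension";
}

// Hypothetical summary of what a browser-side check would know about a request.
struct NavigationRequest {
  std::string url;
  bool is_main_frame;           // top-level navigation?
  bool from_extension_process;  // did the request come from an extension process?
};

// Policy from the description: block top-level navigations to nested URLs
// with extension origins when they come from non-extension processes.
bool ShouldBlock(const NavigationRequest& r) {
  return r.is_main_frame && !r.from_extension_process &&
         HasNestedExtensionOrigin(r.url);
}

int main() {
  // Constructed sample requests; "aaaa" stands in for a real extension ID.
  const NavigationRequest samples[] = {
      {"blob:chrome-extension://aaaa/1234", true, false},
      {"blob:chrome-extension://aaaa/1234", true, true},
      {"filesystem:chrome-extension://aaaa/temporary/x.html", true, false},
      {"blob:https://example.com/1234", true, false},
  };
  for (const auto& r : samples)
    std::cout << (ShouldBlock(r) ? "BLOCK " : "allow ") << r.url << "\n";
}
```

The decision has to be made in the browser process, because the scenario in the description starts from an already exploited renderer whose own claims cannot be trusted.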

Patch Set 1 #

Stats (+237 lines, -0 lines)
M chrome/browser/extensions/process_manager_browsertest.cc (5 chunks, +221 lines, -0 lines, 0 comments)
M chrome/browser/net/chrome_extensions_network_delegate.cc (2 chunks, +16 lines, -0 lines, 0 comments)

Messages

Total messages: 2 (1 generated)
alexmos
4 years, 3 months ago (2016-09-19 17:22:26 UTC) #2
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as
4bd1a6aec18520db3b7e2859c70b096943bf310e.
