Lock down the registration of blob:chrome-extension:// URLs

extensions/browser/extension_web_contents_observer.cc

Index: extensions/browser/extension_web_contents_observer.cc
diff --git a/extensions/browser/extension_web_contents_observer.cc b/extensions/browser/extension_web_contents_observer.cc
index 52b9041a5ebdc170298bce4c76ea9938a7fad845..6f065256712a5bac065cde5100c4f81c3b96ea8a 100644
--- a/extensions/browser/extension_web_contents_observer.cc
+++ b/extensions/browser/extension_web_contents_observer.cc
@@ -63,6 +63,15 @@ void ExtensionWebContentsObserver::InitializeRenderFrame(
   if (!frame_extension)
     return;
 
+  // |render_frame_host->GetProcess()| is an extension process. Grant permission
+  // to commit pages from chrome-extension:// origins.
+  content::ChildProcessSecurityPolicy* security_policy =
+      content::ChildProcessSecurityPolicy::GetInstance();
+  int process_id = render_frame_host->GetProcess()->GetID();
+  security_policy->GrantScheme(process_id, extensions::kExtensionScheme);
+  security_policy->GrantScheme(process_id,
+                               extensions::kExtensionResourceScheme);
+
   // Notify the render frame of the view type.
   render_frame_host->Send(new ExtensionMsg_NotifyRenderViewType(
       render_frame_host->GetRoutingID(), GetViewType(web_contents())));