Description

Block top-level navigations to nested URLs with extension origins from non-extension processes.

Before this CL, it was possible for a web iframe with an unblessed
extension frame to exploit the renderer, create a blob: or filesystem:
URL in the extension frame context, then create a new top-level window
and navigate it to that URL, which could end up putting the new window
into a privileged extension process running attacker's code.
BUG=645028
Review-Url: https://codereview.chromium.org/2345473003
Cr-Commit-Position: refs/heads/master@{#419019}
(cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
Committed: https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7fefe329d5091
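
The rule stated in the description, sketched as an added example that is not the CL's code or Chromium's API: a top-level navigation to a `blob:` or `filesystem:` URL whose inner URL is an extension URL is refused unless the source process is an extension process. The function names, the `Decision` enum and the sample URLs are assumptions made for illustration; only the nested-URL case from the description is modelled.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Lowercased scheme of `url` (text before the first ':'), or "" if none.
static std::string SchemeOf(const std::string& url) {
  const std::string::size_type colon = url.find(':');
  if (colon == std::string::npos) return "";
  std::string scheme = url.substr(0, colon);
  for (char& c : scheme)
    c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
  return scheme;
}

// True for blob: or filesystem: URLs whose inner URL is an extension URL.
bool IsNestedUrlWithExtensionOrigin(const std::string& url) {
  const std::string outer = SchemeOf(url);
  if (outer != "blob" && outer != "filesystem") return false;
  // Everything after "blob:" / "filesystem:" is the inner URL.
  return SchemeOf(url.substr(outer.size() + 1)) == "chrome-extension";
}

enum class Decision { kAllow, kBlock };

// Hypothetical policy hook: decides a top-level navigation from the target
// URL and whether the process that initiated it is an extension process.
Decision CheckTopLevelNavigation(const std::string& target_url,
                                 bool source_is_extension_process) {
  if (IsNestedUrlWithExtensionOrigin(target_url) && !source_is_extension_process)
    return Decision::kBlock;
  return Decision::kAllow;
}

int main() {
  // Constructed sample URLs; the extension ID is a placeholder.
  const std::string id = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
  const std::string urls[] = {
      "blob:chrome-extension://" + id + "/constructed-uuid",
      "filesystem:chrome-extension://" + id + "/temporary/x.html",
      "blob:https://example.com/constructed-uuid"};
  for (const std::string& u : urls)
    std::cout << (CheckTopLevelNavigation(u, false) == Decision::kBlock
                      ? "BLOCK " : "ALLOW ")
              << u << "\n";
  return 0;
}
```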