Chromium Code Reviews

Issue 79553004: Security fix for untrusted signin confirm dialog (Closed)

Created:
7 years, 1 month ago by guohui
Modified:
7 years ago
CC:
chromium-reviews, tim+watch_chromium.org, tfarina, rsimha+watch_chromium.org, haitaol+watch_chromium.org
Visibility:
Public.

Description

Security fix for untrusted signin confirm dialog

When the window associated with the confirm dialog is closed without user clicking 'ok got it', chrome starts sync with default settings. This could be exploited to sign a user's Chrome into an attacker's account, as reported in crbug 321940.

BUG=321940

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=237115

Patch Set 1 #

Patch Set 2 : add fix for mac UI #

Patch Set 3 : fix unit tests #

Stats (+4 lines, -4 lines)
M chrome/browser/ui/cocoa/one_click_signin_dialog_controller_browsertest.mm (1 chunk, +1 line, -1 line)
M chrome/browser/ui/cocoa/one_click_signin_view_controller.mm (1 chunk, +1 line, -1 line)
M chrome/browser/ui/views/sync/one_click_signin_bubble_view.cc (1 chunk, +1 line, -1 line)
M chrome/browser/ui/views/sync/one_click_signin_bubble_view_unittest.cc (1 chunk, +1 line, -1 line)

Messages

Total messages: 9 (0 generated)
guohui
Hey Roger, could you please take a look at the fix? For details please see ...
7 years, 1 month ago (2013-11-21 20:54:07 UTC) #1
Roger Tawa OOO till Jul 10th
This change looks good, but what about one_click_signin_view_controller.mm, line 70?
7 years, 1 month ago (2013-11-22 00:21:50 UTC) #2
guohui
On 2013/11/22 00:21:50, Roger Tawa wrote:
> This change looks good, but what about one_click_signin_view_controller.mm, ...
7 years, 1 month ago (2013-11-22 16:59:31 UTC) #3
Roger Tawa OOO till Jul 10th
lgtm
7 years, 1 month ago (2013-11-22 17:09:35 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/guohui@chromium.org/79553004/140001
7 years, 1 month ago (2013-11-22 18:28:38 UTC) #5
guohui
+sky for owner review
7 years, 1 month ago (2013-11-22 18:29:03 UTC) #6
sky
LGTM
7 years, 1 month ago (2013-11-22 21:19:55 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/guohui@chromium.org/79553004/140001
7 years ago (2013-11-25 16:56:15 UTC) #8
commit-bot: I haz the power
7 years ago (2013-11-25 19:12:20 UTC) #9
Message was sent while issue was closed.
Change committed as 237115
