DescriptionSecurity fix for untrusted signin confirm dialog
When the window associated with the confirm dialog is closed without user clicking 'ok got it', chrome starts sync with default settings. This could be exploited to sign a user's Chrome into an attacker's account, as reported in crbug 321940.
BUG=321940
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=237115
Patch Set 1 #Patch Set 2 : add fix for mac UI #Patch Set 3 : fix unit tests #
Messages
Total messages: 9 (0 generated)
|