New issue
Advanced search Search tips
Starred by 5 users

Issue metadata

Status: Verified
Owner:
Closed: Mar 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Restricted
  • Only users with EditIssue permission may comment.



Sign in to add a comment

Chrome and Chromium allowing unauthorized local storage

Reported by thesimpl...@gmail.com, Feb 29 2012

Issue description

Chrome Version       : Chromium 19.0.1056.0 (Build 124014) and Chrome 17.0.936.56
URLs (if applicable) : www.amazon.com, www.blekko.com, www.youtube.com, www.ecosia.org, www.cnn.com, www.yippy.com
Other browsers tested: NA

What steps will reproduce the problem?
1. With a new install of Chrome or Chromium, disable allowing the setting of site data and 3rd party cookies in 'Under the Hood', 'Content Settings'.
2. Visit the above links
3. Now go to 'All Cookies and Site Data' in 'Content settings' to see the cookies set by those domains. 
4. Close the browser, then reopen it. Some of the cookies are still there. 

What is the expected result?
No cookies whatsoever would be stored from the session.

What happens instead?
Cookies from the above websites will be stored in Chrome and Chromium's cache, regardless of the browser's settings to not locally store any content. These cookies also retain their original expiration dates so some do not delete themselves for up to 24  years (Amazon).

Please provide any additional information below. Attach a screenshot if
possible.

A 2.5 minute video demonstrating the problem
http://youtu.be/mFW-4tgkBDM
 
Labels: nomedia

Comment 2 by nepper@chromium.org, Feb 29 2012

Labels: -Area-Undefined Feature-Privacy
Owner: battre@chromium.org
Status: Started
Thanks for reporting!
Project Member

Comment 3 by bugdroid1@chromium.org, Feb 29 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=124282

------------------------------------------------------------------------
r124282 | chrome-bot@google.com | Wed Feb 29 15:30:05 PST 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/importer/toolbar_importer.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/feedback/feedback_util.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/profiles/profile_downloader.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/autocomplete/search_provider.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/spellchecker/spellcheck_host_impl.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/search_engines/template_url_fetcher.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/webstore_install_helper.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/alternate_nav_url_fetcher.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/autofill/autofill_download.cc?r1=124282&r2=124281&pathrev=124282
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/spellchecker/spelling_service_client.cc?r1=124282&r2=124281&pathrev=124282

Disable storing cookies from URLFetchers that run with a profile's cookie jar.

BUG= 116253 
TEST=none

Review URL: https://chromiumcodereview.appspot.com/9545005
------------------------------------------------------------------------

Comment 4 by jochen@chromium.org, Feb 29 2012

Labels: Mstone-17 Merge-Requested

Comment 5 by k...@google.com, Feb 29 2012

Labels: -Merge-Requested Merge-Approved
Project Member

Comment 6 by bugdroid1@chromium.org, Mar 1 2012

Labels: -merge-approved merge-merged-963
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=124386

------------------------------------------------------------------------
r124386 | jochen@chromium.org | Thu Mar 01 00:31:50 PST 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/alternate_nav_url_fetcher.cc?r1=124386&r2=124385&pathrev=124386
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/importer/toolbar_importer.cc?r1=124386&r2=124385&pathrev=124386
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/autocomplete/search_provider.cc?r1=124386&r2=124385&pathrev=124386
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/profiles/profile_downloader.cc?r1=124386&r2=124385&pathrev=124386
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/spellchecker/spellcheck_host_impl.cc?r1=124386&r2=124385&pathrev=124386
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/extensions/webstore_install_helper.cc?r1=124386&r2=124385&pathrev=124386
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/autofill/autofill_download.cc?r1=124386&r2=124385&pathrev=124386
 M http://src.chromium.org/viewvc/chrome/branches/963/src/chrome/browser/search_engines/template_url_fetcher.cc?r1=124386&r2=124385&pathrev=124386

Merge 124282 - Disable storing cookies from URLFetchers that run with a profile's cookie jar.

BUG= 116253 
TEST=none

Review URL: https://chromiumcodereview.appspot.com/9545005

TBR=jochen@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9565003
------------------------------------------------------------------------
Currently rocking Chromium build 124404 for Linux x64, everything looks great. I can't reproduce the cookie storage now. Thanks everyone!

Comment 8 by k...@google.com, Mar 2 2012

Labels: -Mstone-17 Mstone-18 Merge-Requested
This needs to go to 1025.

Comment 9 by kareng@google.com, Mar 2 2012

Labels: -Merge-Requested Merge-Approved
Project Member

Comment 10 by bugdroid1@chromium.org, Mar 5 2012

Labels: -merge-approved merge-merged-1025
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=124928

------------------------------------------------------------------------
r124928 | jochen@chromium.org | Mon Mar 05 00:32:26 PST 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/extensions/webstore_install_helper.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/profiles/profile_downloader.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/autofill/autofill_download.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/spellchecker/spellcheck_host_impl.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/feedback/feedback_util.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/autocomplete/search_provider.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/search_engines/template_url_fetcher.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/alternate_nav_url_fetcher.cc?r1=124928&r2=124927&pathrev=124928
 M http://src.chromium.org/viewvc/chrome/branches/1025/src/chrome/browser/importer/toolbar_importer.cc?r1=124928&r2=124927&pathrev=124928

Merge 124282 - Disable storing cookies from URLFetchers that run with a profile's cookie jar.

BUG= 116253 
TEST=none

Review URL: https://chromiumcodereview.appspot.com/9545005

TBR=jochen@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9600012
------------------------------------------------------------------------
Cc: battre@chromium.org
Owner: jochen@chromium.org
Status: Fixed
Checked this issue on Chrome 18.0.1025.52 and issue does not occur.

Following the same steps as mentioned on top:
1.Open browser
2. Go to settings ,Click on content settings and select "block sites from seetting any data " and "Block third party cookies and site data" options.
3. Cleaned all data in "All cookies and site data" section.
4. Visited the aboive mentioned sites: www.amazon.com, www.blekko.com, www.youtube.com, www.ecosia.org, cnn.com.
5. Went back to "All cookies and site data" section. No data set.
Status: Verified
Project Member

Comment 14 by bugdroid1@chromium.org, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 15 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Feature-Privacy -Mstone-18 M-18 Cr-Privacy
Project Member

Comment 16 by bugdroid1@chromium.org, Mar 13 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue

Sign in to add a comment