Issue 442670

Issue metadata

Status: Fixed
Owner:
Closed: Feb 2015
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug-Security



Security: NPAPI windowless flash can listen system input events (bypassing browser)

Reported by mmaliszk...@opera.com, Dec 16 2014

Issue description

Bug reported to us by Adobe.

REPRODUCTION CASE
1. See repro.zip
2. Click around upper left corner to focus flash.
3. When you press 'A' with focus on flash, you will hear a sound.
4. Open browser tabs or try to shift focus to other windows and press 'A' and you can still hear the sound.

EXPECTED RESULT
No sound when flash is not focused.

CAUSE
Browser is not sending PluginMsg_SetFocus (NPP focus events) while tab changes or window loses focus. Flash uses some kind of system hook and without focus events it is not able to deactivate it (it's weird and I have no idea why it does that).

VERSION
Chrome Version: since the early beginnings
Flash Version: since unknown version
Operating System: Windows
 
Attachment: repro.zip (16.0 KB)

Comment 2 by tsepez@chromium.org, Dec 16 2014

Labels: Security_Severity-Low Security_Impact-Stable M-41 Pri-2 Cr-Internals-Plugins-Flash
Owner: bbudge@chromium.org
Status: Assigned
Bill, care to take a look or re-assign as appropriate? Thanks.
Could you cc esprehn?
Cc: esprehn@chromium.org
Sorry for the delay.

Comment 5 by bugdroid1@chromium.org, Feb 2 2015

The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=189331

------------------------------------------------------------------
r189331 | mmaliszkiewicz@opera.com | 2015-02-02T11:53:52.259630Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/page/FocusController.cpp?r1=189331&r2=189330&pathrev=189331
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/HTMLPlugInElement.cpp?r1=189331&r2=189330&pathrev=189331
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/html/HTMLPlugInElement.h?r1=189331&r2=189330&pathrev=189331

Send NPAPI focus messages when web contents is blurred or focused

Adobe Flash requires NPP focus event to switch system input events listening.
If this event is not sent, Flash plugin malfunctions and acts as a global system
keylogger (bypassing the browser).

BUG= 442670 

Review URL: https://codereview.chromium.org/809523003
-----------------------------------------------------------------
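
An added illustration, not code from the Blink change or from anyone in this thread: a simplified C++ model of the focus propagation gap described in the report and of the behaviour the commit message describes. `ModelPlugin`, `ModelFocusHost` and `ListeningAfterBlur` are hypothetical names; the real change is in FocusController.cpp and HTMLPlugInElement.cpp.

```cpp
// Added illustration, not Blink code; every name here is hypothetical.
#include <cstdio>
#include <vector>

// Stand-in for a windowless plugin that keeps a system-wide input listener
// armed for as long as it believes it has focus.
struct ModelPlugin {
    bool listening = false;
    std::vector<bool> focus_events;  // every focus notification received
    void SetFocus(bool focused) { focus_events.push_back(focused); listening = focused; }
};

// Host-side focus bookkeeping. forward_page_focus=false models the reported
// behaviour (only element focus reaches the plugin); true models the fix in
// the commit message (page blur and focus reach it as well).
class ModelFocusHost {
public:
    ModelFocusHost(ModelPlugin& plugin, bool forward_page_focus)
        : plugin_(plugin), forward_page_focus_(forward_page_focus) {}
    void SetElementFocused(bool f) { element_focused_ = f; Update(); }
    void SetPageFocused(bool f) { page_focused_ = f; Update(); }

private:
    void Update() {
        bool effective = forward_page_focus_ ? (element_focused_ && page_focused_)
                                             : element_focused_;
        if (effective == last_sent_) return;  // notify on transitions only
        last_sent_ = effective;
        plugin_.SetFocus(effective);
    }
    ModelPlugin& plugin_;
    bool forward_page_focus_;
    bool element_focused_ = false;
    bool page_focused_ = true;
    bool last_sent_ = false;
};

// Focus the plugin, then switch tab or window; report whether it still listens.
bool ListeningAfterBlur(bool forward_page_focus) {
    ModelPlugin plugin;
    ModelFocusHost host(plugin, forward_page_focus);
    host.SetElementFocused(true);  // user clicks the plugin
    host.SetPageFocused(false);    // tab change or window deactivation
    return plugin.listening;
}

int main() {
    std::printf("without page focus forwarding: listening=%d\n", ListeningAfterBlur(false));
    std::printf("with page focus forwarding:    listening=%d\n", ListeningAfterBlur(true));
}
```
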

Comment 6 by jsc...@chromium.org, Feb 12 2015

Status: Fixed
Looks like this was fixed, and if it wasn't it can be closed anyway because NPAPI is no longer supported.
Labels: Release-0-M42
Based on rev number, this didn't make M41.

Comment 8 by ClusterFuzz, May 21 2015

Labels: -Restrict-View-SecurityTeam
Bulk update: removing view restriction from closed bugs.

Comment 9 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 10 by sheriffbot@chromium.org, Oct 1 2016

Labels: Restrict-View-SecurityNotify

Comment 11 by sheriffbot@chromium.org, Oct 2 2016

Labels: -Restrict-View-SecurityNotify
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
