New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 593217 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: May 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Security
Nag



Sign in to add a comment

PDFs should not be allowed to navigate to "chrome://newtab" URL

Reported by chromium...@gmail.com, Mar 9 2016

Issue description

VERSION
Chrome Version: 51.0.2671.0 canary
Operating System: Windows 7

REPRODUCTION CASE
1. Open testcase.pdf in Chrome.
2. Click on the link (chrome://newtab).


 
testcase.pdf
49.1 KB Download
Cc: thestig@chromium.org och...@chromium.org creis@chromium.org
Components: Internals>Plugins>PDF
Labels: Security_Severity-Medium Security_Impact-Stable
Owner: tsepez@chromium.org
Status: Assigned (was: Unconfirmed)
Tom, any idea why this is not going through the usual url checks.
Labels: M-50
Project Member

Comment 3 by ClusterFuzz, Mar 10 2016

Labels: Pri-1
Cc: mkwst@chromium.org
See also  bug 588374  and  bug 533520 , which are somewhat related.
Also  issue 528505  which is similar to this issue.
Project Member

Comment 6 by ClusterFuzz, Apr 1 2016

Labels: Nag
tsepez@: Uh oh! This issue is still open and hasn't been updated in the last 21 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are to unable to reproduce it, please close the bug. (And thanks for fixing the bug!).

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz
Project Member

Comment 7 by sheriffbot@chromium.org, Apr 21 2016

tsepez: Uh oh! This issue still open and hasn't been updated in the last 43 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Any updates on this bug?
Project Member

Comment 9 by sheriffbot@chromium.org, May 6 2016

tsepez: Uh oh! This issue still open and hasn't been updated in the last 58 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: WontFix (was: Assigned)
Hmmm.  The example .pdf is actually navigating to https://www.google.com/_/chrome/newtab, eg.

<</Type /Action /S /URI /URI (https://www.google.com/_/chrome/newtab)>>

Which would be allowed for HTML as well, so I don't think there's an issue here.
Project Member

Comment 11 by sheriffbot@chromium.org, Sep 1 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 12 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 13 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment