
Issue 597010


Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: ----
Type: Bug-Security




Security: CrashPad reports

Reported by yunusemr...@gmail.com, Mar 22 2016

Issue description

C:\src\syzygy\src\syzygy>dir "c:\users\siggi\AppData\Local\Google\Chrome SxS\User Data\Crashpad\reports"\*
 Volume in drive C has no label.
 Volume Serial Number is 824F-EA5A

 Directory of c:\users\siggi\AppData\Local\Google\Chrome SxS\User Data\Crashpad\reports

03/21/2016  09:38 AM    <DIR>          .
03/21/2016  09:38 AM    <DIR>          ..
01/21/2016  10:47 AM           932,432 0270d88a-7728-4562-b0d3-b4f73c380cf7.dmp
01/06/2016  04:38 PM           763,792 05e56a37-3547-4b4d-9068-23c3fb3d896d.dmp
01/18/2016  09:35 AM           180,304 06e2fc18-624f-4921-9989-84895987f28a.dmp
01/13/2016  10:22 AM            91,920 08362e43-d745-422a-9db3-509d8de72f4c.dmp
01/07/2016  02:36 PM           178,352 083dcea8-057b-4904-b2d6-d793a3c38b65.dmp
01/11/2016  09:53 AM           110,528 0e003351-32c1-49bd-a4dc-ebc64aadef61.dmp
03/16/2016  10:41 AM           541,392 0f42a892-6942-4303-9998-b414232cae21.dmp
03/16/2016  10:41 AM        25,912,320 136a31c7-9fc2-43b5-aeaf-a2bfde7f8ea4.dmp
01/12/2016  03:40 PM           177,968 1789618d-10f4-4563-a03a-29ec75ee028f.dmp
03/21/2016  09:38 AM           588,544 1e61ccfb-982e-4976-8964-2a6b379b6a0f.dmp
01/11/2016  09:53 AM           120,848 217ec146-23e3-4b2c-b8b2-89be8cc3c840.dmp
03/17/2016  10:44 AM           812,928 2e325862-6990-468f-9fe1-4de0729e274c.dmp
01/22/2016  02:11 PM           863,472 39583275-db5c-44f1-b1cc-70be92d1ebed.dmp
01/26/2016  10:59 AM           375,040 3efc4435-c106-4f2f-987a-b2647e1372ce.dmp
01/13/2016  10:22 AM           116,752 41f3df78-4dbe-4483-bdb9-624366b5d439.dmp
01/06/2016  11:02 AM           890,064 46619391-58ad-47e1-a418-1428ea0b88c4.dmp
03/16/2016  11:02 AM           690,496 47096a06-7c02-4268-8fbd-5ee31de4d32c.dmp
03/17/2016  08:50 AM           731,504 490e76ac-3ff7-4c33-a8dc-4b79daccb3c6.dmp
03/16/2016  02:48 PM           657,360 53c3aae4-a37f-406f-9459-00932b8e80b8.dmp
01/18/2016  09:35 AM           120,560 568748bc-660b-43bb-8c85-67dfd80a996d.dmp
01/07/2016  02:36 PM           117,600 59380d05-a5b6-400d-9469-4a209ee07da3.dmp
01/21/2016  10:51 AM           932,448 5aa559a3-5caa-4203-919e-aa1c7c7f8f95.dmp
01/11/2016  09:53 AM           119,184 665e2df6-ca37-4242-a3fe-050e0a3ed375.dmp
03/17/2016  10:16 AM           679,280 68a122f8-0c23-4d6d-a70e-84d30bec85e8.dmp
03/21/2016  09:38 AM           572,848 68fbee01-3515-4b22-943e-1d9b6cded44a.dmp
01/13/2016  10:22 AM           179,088 71ce41be-4fe5-48b1-8ace-f2e367761f2c.dmp
01/13/2016  10:22 AM           120,960 76b5023f-9b00-4cd5-9bf9-84853cc34fca.dmp
01/13/2016  10:22 AM           112,608 77aafad7-a139-48fb-acf6-1acadac82b41.dmp
01/06/2016  11:31 AM           813,568 7a3aa2f2-75b2-4147-a67f-ae82357501c7.dmp
01/25/2016  09:59 AM           900,576 7ead3c64-5e44-4749-8771-fdf21650bdab.dmp
03/16/2016  09:06 AM           702,192 8e43770a-af51-40a9-8c8e-7e750eab5708.dmp
03/16/2016  02:57 PM           708,336 8f16c873-040d-470a-8f41-158c331c2008.dmp
03/21/2016  09:38 AM           514,192 93d18656-99bb-4ae8-9d7c-f5b51dc9b5eb.dmp
01/06/2016  07:47 PM           813,344 9bacb5b5-38be-4eb2-8dfd-824dbd312da4.dmp
01/22/2016  10:51 AM           892,272 9f1308e0-c19b-4151-8ad8-a19255461c0b.dmp
01/07/2016  02:36 PM           116,032 b10e6e23-d606-49c5-b2bc-87d1b4ecfa9e.dmp
03/16/2016  10:42 AM           683,344 b6434050-2a61-47ed-8288-079e800f0d1a.dmp
03/17/2016  09:46 AM           687,744 c6fb0871-534e-4312-a0aa-4520b36e1070.dmp
03/17/2016  10:18 AM           664,352 cec57556-c651-4cb3-ba1d-f060c8262e1e.dmp
03/17/2016  09:25 AM           639,312 d231d4be-7a81-43d0-bcdf-7f8b4c971404.dmp
03/07/2016  09:46 AM           169,824 d2a50524-b0a8-4f2b-a6e7-2f73e3e85e57.dmp
01/22/2016  12:44 PM           936,960 d9e887ca-644d-4abc-a43e-4bfde114f4bf.dmp
03/16/2016  10:55 AM           681,328 da571468-8579-455f-a029-0758119a5a73.dmp
01/18/2016  09:35 AM            87,488 ed03c5e2-ea00-4ea4-833b-5ba2975ccf06.dmp
03/21/2016  09:38 AM           446,592 f42ed34f-5736-4397-a37a-ec174225aedf.dmp
01/06/2016  04:40 PM           772,112 fd28fc18-a0f7-48c6-9281-52a1dc6e5fbe.dmp

46 File(s)     48,920,160 bytes
               2 Dir(s)  204,012,019,712 bytes free

client/prune_crash_reports.h
client/prune_crash_reports.cc
 

Comment 1 by wfh@chromium.org, Mar 22 2016

Labels: OS-Windows
Crashpad\reports in your user's Chrome profile is the location on your disk where the Chrome crash reporter generates crash reports.

Any attacker with privilege to access this directory already has privilege to do anything they want with your running copy of Chrome.

Can you describe in more detail what attack exactly you are reporting, or I will be closing this bug as WontFix.

Thanks.
> Returns a sensible default condition for removing obsolete crash reports.
>
> The default is to keep reports for one year or a maximum database size of 256 MB.
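The retention rule quoted above, sketched as an added example (not Crashpad's own code and not part of the original thread). The function name, struct, and the newest-first cumulative reading of the size limit are assumptions made for illustration; the limits are the ones quoted. Under this reading, a directory like the one listed in the issue (48,920,160 bytes, all under a year old) has nothing pruned.

```cpp
// Added illustration of "keep reports for one year or a maximum database
// size of 256 MB". All names here are hypothetical, not Crashpad's API.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Report {
  std::string id;       // constructed sample identifier
  int64_t created;      // creation time, seconds since the epoch
  uint64_t size_bytes;  // size of the dump on disk
};

constexpr int64_t kMaxAgeSeconds = 365LL * 24 * 60 * 60;      // one year
constexpr uint64_t kMaxDatabaseBytes = 256ULL * 1024 * 1024;  // 256 MB

// Walks reports newest-first and returns the ids to delete: a report is
// pruned if it is older than max_age OR if the running total of everything
// seen so far (including it) exceeds max_bytes.
std::vector<std::string> SelectReportsToPrune(
    std::vector<Report> reports, int64_t now,
    int64_t max_age = kMaxAgeSeconds, uint64_t max_bytes = kMaxDatabaseBytes) {
  std::sort(reports.begin(), reports.end(),
            [](const Report& a, const Report& b) { return a.created > b.created; });
  std::vector<std::string> pruned;
  uint64_t seen_bytes = 0;
  for (const Report& r : reports) {
    seen_bytes += r.size_bytes;
    const bool too_old = (now - r.created) > max_age;
    const bool over_budget = seen_bytes > max_bytes;
    if (too_old || over_budget) pruned.push_back(r.id);
  }
  return pruned;
}

int main() {
  const int64_t day = 86400, now = 1458600000;  // constructed timestamps
  std::vector<Report> sample = {                // constructed sample reports
      {"recent-small", now - 2 * day, 600000},
      {"recent-large", now - 5 * day, 25912320},
      {"stale", now - 400 * day, 90000}};
  for (const std::string& id : SelectReportsToPrune(sample, now))
    std::printf("prune %s\n", id.c_str());
  return 0;
}
```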

Comment 3 by wfh@chromium.org, Mar 22 2016

Components: Internals>CrashReporting
Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
This doesn't appear to be a security issue.

Comment 4 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
