
Issue 617003

Starred by 6 users

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature
Team-Security-UX

Blocking:
issue 616996




Consider protocol handlers and custom search engines to be powerful features

Project Member Reported by lgar...@chromium.org, Jun 3 2016

Issue description

Websites can currently ask to install protocol handlers (notably, mailto:) or search engines (for "Tab to search" [1][2]) when users visit.

For protocol handlers, the user must click on a page action indicator to approve the handler. Search engines are added automatically if the user visits a site that asks, or performs a certain search on a site [1].

Once installed, a handler allows sites to intercept links and queries that are reasonably likely to be valuable/sensitive to the user.

I would like us to consider protocol handlers and custom search engines to be powerful features [3][4] and disable the normal installation process from non-secure origins.
(However, it seems okay to me to allow users to explicitly add insecure origins as handlers in settings if they want.)

jww@, how do we go about defining what is a powerful feature? Should we start by measuring usage on secure vs. insecure origins?
Is there an a priori process that possibly disqualifies these from being considered secure features?

[1] https://www.chromium.org/tab-to-search 
[2] Also see 616996 (currently restricted).
[3] https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
[4] https://www.w3.org/TR/secure-contexts/
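
The restriction proposed in the issue description, sketched as an added example (not Chromium code and not written by any participant in this thread). The function names, the `kind` and `source` labels, and the sample origins are hypothetical, and the trust check is a simplified subset of the secure-contexts notion in [4].

```javascript
// Added example: hypothetical policy gate, not Chromium's implementation.
// Simplified subset of the "potentially trustworthy origin" idea in [4]:
// secure schemes and loopback hosts only.
const SECURE_SCHEMES = new Set(["https:", "wss:"]);

function isPotentiallyTrustworthy(origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // unparsable input is never trusted
  }
  if (SECURE_SCHEMES.has(url.protocol)) return true;
  const host = url.hostname;
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (/^127\.\d+\.\d+\.\d+$/.test(host)) return true; // 127.0.0.0/8
  return host === "[::1]"; // IPv6 loopback, as serialized by URL
}

// kind:   "protocol-handler" | "search-engine"   (hypothetical labels)
// source: "page" (site asked during a visit) | "settings" (user added it)
function decideInstall({ kind, origin, source }) {
  // Explicit additions in settings stay allowed, even for insecure origins.
  if (source === "settings") {
    return { allow: true, needsUserApproval: false, reason: "explicit user action" };
  }
  // Site-initiated installs are refused from non-secure origins.
  if (!isPotentiallyTrustworthy(origin)) {
    return { allow: false, needsUserApproval: false, reason: "non-secure origin" };
  }
  // Protocol handlers keep their approval step; search engines are
  // currently added without one.
  return { allow: true, needsUserApproval: kind === "protocol-handler", reason: "secure origin" };
}

// Constructed sample requests.
const samples = [
  { kind: "protocol-handler", origin: "http://mail.example", source: "page" },
  { kind: "protocol-handler", origin: "https://mail.example", source: "page" },
  { kind: "search-engine", origin: "http://search.example", source: "page" },
  { kind: "search-engine", origin: "http://search.example", source: "settings" },
];
for (const s of samples) console.log(s.origin, s.kind, s.source, decideInstall(s));
```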
 

Comment 1 by f...@chromium.org, Jun 3 2016

Cc: emilyschechter@chromium.org
+emilyschechter as FYI on potential deprecations

Comment 2 by palmer@chromium.org, Jun 10 2016

Cc: mkwst@chromium.org palmer@chromium.org
I think this is a good idea. +mkwst

Comment 3 by mea...@chromium.org, Jun 10 2016

Do we have any metrics about these?

Comment 4 by mkwst@chromium.org, Jun 10 2016

I also think this is a good idea. Did you want to run with this, Lucas? If so, godspeed. :)

Comment 5 by mkwst@chromium.org, Jun 10 2016

I'm adding metrics in https://codereview.chromium.org/2053343002 (Sorry Lucas. It was trivial, and I had time to kill this afternoon; I would love it if you would drive the rest!)

Comment 7 by f...@chromium.org, Jun 30 2016

Labels: -Type-Bug Type-Feature
Blocking: 616996
Components: -Security>UX Internals>Permissions>Model
Cc: pkasting@chromium.org
FWIW, I really think we should NOT consider search engines to be "powerful features" and restrict them. I'd like to understand better the benefits that that would be seen to provide (I think they're low). The costs of doing this are high.
(See also bug 616996 comment 7.)
Labels: Hotlist-EnamelAndFriendsFixIt
Owner: est...@chromium.org
Labels: -Hotlist-EnamelAndFriendsFixIt
