
Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2016
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security


Issue 627299: Security: Proxy settings persists from guest mode

Reported by, Jul 12 2016

Issue description

Setting a proxy for a network in guest mode persists even after guest mode. This is for both entering a proxy in the network settings and entering a Proxy auto config (PAC) file path. This affects ChromeOS on the login screen until the user either logs in or enters guest mode.

We saw the following URLs:,CBI,CCI,CAS,CCS&rep=2&rlz=CA:,CB:,CC:

If a proxy is set up for all protocols, even SSL traffic was observed going through the proxy, although it will probably use CA verification to avoid MITM.

Chrome Version: 51.0.2704.106 (stable)
Operating System: ChromeOS 8172.62.0 (stable)

1. Set up a proxy on the local LAN.
2. Log in as guest.
3. Set a proxy in the shared network pointing to the proxy.
4. Restart but do not log in.
5. Observe proxy calls.

Alternatively, you can put in a PAC file and observe requests to it after reboot.

(somewhat related to

Comment 2 by, Jul 13 2016

Components: Internals>Network>Proxy
Labels: Security_Impact-Stable OS-Chrome
CC-ing some net OWNERS.

Comment 3 by, Jul 13 2016

Components: OS>Systems>Network
I don't think the network stack team owns the proxy configuration UI on ChromeOS - on all other platforms, we use the platform config, so this is unique ChromeOS code, and unique ChromeOS UI, none of it in net/, ProfileIOData, or IOThread.

Comment 4 by, Jul 13 2016

Labels: Security_Severity-High

Comment 5 by, Jul 13 2016

To clarify - the proxy settings only persist during the login screen; once a user logs in or the guest logs in, the proxy settings become disabled. But they do persist even after a reboot.

Comment 6 by, Jul 14 2016

Project Member
Labels: M-51

Comment 7 by, Jul 14 2016

Project Member
Labels: Pri-1

Comment 8 by, Jul 15 2016

bartfab@ and wad@, I wonder if you have insight about this. Thanks!

Comment 9 by, Jul 18 2016


Comment 10 by, Jul 18 2016

Labels: -Security_Severity-High Security_Severity-Low

Comment 11 by, Jul 19 2016

Project Member
Labels: -Pri-1 Pri-2

Comment 12 by, Jul 19 2016

Status: Assigned (was: Unconfirmed)
This is very similar to #600195, except that the other one persists even after login.

Comment 14 by, Jul 21 2016

Project Member
Labels: -M-51 M-52

Comment 15 by, Jul 21 2016

Components: Enterprise
Owner: ----
Status: Available (was: Assigned)
I don't work on Chrome OS anymore. Adjusting tags to make sure this gets picked up by our triage rotation.

Comment 16 by, Aug 9 2016

Status: WontFix (was: Available)
Closing WAI per

Comment 17 by, Aug 9 2016

Issue 600195 is security restricted (as is this one). If both are WAI, should probably open them up to the public.

Comment 18 by, Aug 9 2016

Labels: -Restrict-View-SecurityTeam
Yup, I forgot to lift the restriction. Fixed.

Comment 19 by, Mar 9 2017

