Issue 635444

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2016
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security

Native Messaging does not provide a security context to the called host application

Reported by anders.r...@gmail.com, Aug 8 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Steps to reproduce the problem:
Well, it provides no information at all about the caller 

What is the expected behavior?

What went wrong?
Nothing, this is a design issue

Did this work before? No 

Chrome version: 51.0.2704.103  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 22.0 r0
 
Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
Same deal here as bug 635442, I don't think there's much Chrome can do here if you're trying to defend against physically local attacks.

Note that Native Messaging hosts can specify an "allowed_origins" in the manifest to prevent malicious extensions from accessing the host.
This issue is about being able to provide useful information to native applications, like in the dialog below:
http://webpki.org/xmlns/webpay/v1/webpay-card-payment-messages.html#p4
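
The `allowed_origins` restriction mentioned in the comments above can be checked mechanically before a host is deployed. The following is an added example, not part of the original thread or of Chrome's code: a Python audit of a native messaging host manifest that flags wildcard or malformed entries. The host name, path and extension ID are constructed, and the accepted origin form (`chrome-extension://<32 letters a-p>/`) is the one shown in Chrome's documentation.

```python
import json
import re

# Documented form of an allowed origin: exact extension ID (32 chars, a-p)
# followed by a trailing slash. Wildcards are not permitted.
ORIGIN_RE = re.compile(r"chrome-extension://[a-p]{32}/")

# Constructed sample manifests (names, paths and IDs are made up).
GOOD_MANIFEST = """{
  "name": "com.example.payment_host",
  "description": "Example native messaging host",
  "path": "host.exe",
  "type": "stdio",
  "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"]
}"""

BAD_MANIFEST = """{
  "name": "com.example.payment_host",
  "description": "Example native messaging host",
  "path": "host.exe",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://*/*",
    "chrome-extension://abcdefghijklmnopabcdefghijklmnop",
    "https://example.com/"
  ]
}"""


def audit_allowed_origins(manifest_text):
    """Return a list of findings for the manifest's allowed_origins field."""
    manifest = json.loads(manifest_text)
    origins = manifest.get("allowed_origins")
    if not isinstance(origins, list) or not origins:
        return ["allowed_origins missing or empty: no extension is authorised"]
    findings = []
    for origin in origins:
        if not isinstance(origin, str):
            findings.append(f"non-string entry: {origin!r}")
        elif "*" in origin:
            findings.append(f"wildcard entry: {origin}")
        elif not ORIGIN_RE.fullmatch(origin):
            findings.append(f"not an exact extension origin: {origin}")
    return findings


if __name__ == "__main__":
    for label, text in (("good", GOOD_MANIFEST), ("bad", BAD_MANIFEST)):
        print(label, audit_allowed_origins(text))
```

This check only covers which extensions may start the host; it says nothing about the web page that asked the extension to do so, which is the gap the issue describes.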