Issue 640464

Issue metadata

Status: WontFix
Owner:
Closed: Sep 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: ----
Type: Bug-Security

Security: SRI bypass by loading same resource twice in same origin on iOS

Reported by chromium...@gmail.com, Aug 24 2016

Issue description

VERSION
Chrome Version: 52.0.2743.84
Operating System: iOS

REPRODUCTION CASE
Note: Able to reproduce this issue only on iOS.

PoC: https://heisenberg.co/sridemo/sameorigin/
 
Expected result: Error when you click on the button to inject the script with the invalid SRI hash as on Windows, Linux and Android...

Actual result: Execution of remote code with the invalid SRI hash.
Owner: jww@chromium.org
Status: Assigned (was: Unconfirmed)
I'm pretty sure our SRI implementation is in Blink, so there might not be anything we can do on iOS other than report this to Apple (though we are still interested in these cases). That said, I don't really know what's involved here.

jww: Anything we can do here?

Comment 3 by vakh@chromium.org, Sep 1 2016

jww@ -- ping.
Any updates on this bug?

Comment 5 by jww@chromium.org, Sep 8 2016

Status: WontFix (was: Assigned)
Hi, sorry, this came by while I was on vacation, and I completely missed it.

Yes, mbarbella@'s comment is correct. SRI is inside of the web platform, and thus we don't control it on iOS, and in particular, it isn't implemented in WebKit, so it doesn't work in Chrome on iOS.

Comment 6 by jww@chromium.org, Sep 8 2016

Labels: OS-iOS

Comment 7 by jww@chromium.org, Sep 8 2016

Labels: -Restrict-View-SecurityTeam
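
Since the thread concludes that the engine behind Chrome on iOS does not enforce the `integrity` attribute, a site that relies on SRI has to run the comparison itself on that platform. The following is an added example, not code from this issue or from Chromium: it evaluates integrity metadata as the SRI specification describes (strongest listed algorithm wins, unknown tokens are ignored). It is written for Node.js, and the function names and sample script bodies are constructed for illustration.

```javascript
// Added example, not from the issue thread or Chromium. Runs under Node.js.
const { createHash } = require('crypto');

// Hash algorithms the SRI specification defines, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity value for a resource body, e.g. "sha384-<base64>".
function integrityFor(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute into {alg, digest} pairs. Tokens with an
// unknown algorithm or malformed base64 are ignored.
function parseIntegrity(attr) {
  const token = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;
  return attr.trim().split(/\s+/).flatMap((t) => {
    const m = token.exec(t);
    return m ? [{ alg: m[1], digest: m[2] }] : [];
  });
}

// True when `body` satisfies `attr`. Only hashes using the strongest listed
// algorithm count, so a matching sha256 cannot rescue a failing sha512.
function matchesIntegrity(body, attr) {
  const parsed = parseIntegrity(attr);
  if (parsed.length === 0) return true; // no usable metadata: nothing to enforce
  const rank = (p) => STRENGTH.indexOf(p.alg);
  const best = parsed.reduce((a, b) => (rank(b) > rank(a) ? b : a)).alg;
  const actual = createHash(best).update(body).digest('base64');
  return parsed.some((p) => p.alg === best && p.digest === actual);
}

// Constructed sample: the script a page expects and a modified copy of it.
const expected = 'console.log("widget loaded");';
const tampered = 'console.log("widget loaded"); /* modified */';
const pinned = integrityFor(expected);

console.log(matchesIntegrity(expected, pinned)); // true
console.log(matchesIntegrity(tampered, pinned)); // false
```

In a browser the same comparison can be made with `crypto.subtle.digest` on the fetched bytes before the script is injected.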