New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 645011 link

Starred by 1 user

Issue metadata

Status: Archived
Owner: ----
Closed: Jun 2018
Cc:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

Slow saml_injected.js

Reported by cristian...@gmail.com, Sep 8 2016

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
I was looking at the the Timeline graph of the page : http://riotjs.com/examples/todo-app-precompiled/
And I noticed a pretty long execution time for saml_injected.js.
The script does not event show up on another Mac I have. The header seems legit but the code is relatively different to the code I can find here: https://chromium.googlesource.com/chromium/chromium/+/ee59ff6107cb390a75a2cd4775c7fb57218d9755/chrome/browser/resources/gaia_auth/saml_injected.js?autodive=0%2F%2F%2F

VERSION
Chrome Version: [52.0.2743.116] + [stable]
Operating System: [10.11.6 (15G1004)]

REPRODUCTION CASE
I cannot reproduce on a different machine.
I am attaching the code I have on the suspicious machine and the screenshot that I can see.


 
Screen Shot 2016-09-07 at 10.50.19 PM.png
329 KB View Download
saml-injected.js
7.2 KB View Download

Comment 1 by wfh@chromium.org, Sep 8 2016

Cc: bartfab@chromium.org jayhlee@chromium.org
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Performance OS-All Pri-2 Type-Bug
Summary: Slow saml_injected.js (was: Security: Unusual saml_injected.js)
i see no difference between the saml-injected.js and the saml_injected.js on https://cs.chromium.org/chromium/src/chrome/browser/resources/gaia_auth/saml_injected.js?sq=package:chromium&dr

I don't think this is a security bug but perhaps a perf issue to be investigated if the script is taking a long time.

Comment 2 by wfh@chromium.org, Sep 8 2016

Cc: xiy...@chromium.org
emm, sounds like somehow the deprecating gaia_auth extension is in action again.

What is the OS? And is it possible that a tab with chrome:://signin-in is opened somewhere?
Labels: -Performance Performance-Loading Needs-Investigation
Status: Available (was: Unconfirmed)
Project Member

Comment 5 by sheriffbot@chromium.org, Apr 27 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Archived (was: Untriaged)
Closing stale issue.

Sign in to add a comment