New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 645745 link

Starred by 2 users
Status: Fixed
Owner:
lshang@chromium.org
Last visit > 30 days ago
Closed: Sep 2016
Cc:
msramek@chromium.org
raymes@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security
Team-Security-UX



Sign in to add a comment

Unable to block cookies

Reported by patently.paul@gmail.com, Sep 10 2016 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2856.0 Safari/537.36

Steps to reproduce the problem:
1. go to a website that has cookies
2. select a cookie (like doubleclick.net) and click on <block> (I have chromium in german)
3. It prompts you to refresh the page

What is the expected behavior?
After refresh the cookie (or the domain holding cookies) should be seen at the "blocked"-top on the cookie list

What went wrong?
The same cookie domain is visible on the cookie tab and nothing got blocked.

Did this work before? Yes Probably the versions before this?

Chrome version: 55.0.2856.0  Channel: n/a
OS Version: Linux Kachel 4.4.0-36-generic #55-Ubuntu SMP Thu Aug 11 18:01:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Flash Version: 

I've downloaded the daily build of chromium from https://download-chromium.appspot.com/

Comment 1 by elawrence@chromium.org, Sep 11 2016

Components: Internals>Permissions

Comment 2 by wfh@chromium.org, Sep 12 2016

Components: Privacy
Labels: -OS-Linux -Pri-2 ReleaseBlock-Dev M-55 Needs-Bisect OS-All Pri-1
Status: Untriaged (was: Unconfirmed)
I can repro in 55.0.2858.0 canary (64-bit) but not in 53.0.2785.101 m (64-bit) so this seems like a regression.

Comment 3 by wfh@chromium.org, Sep 12 2016

Cc: msramek@chromium.org raymes@chromium.org
Labels: Security_Severity-High
Owner: lshang@chromium.org
Status: Assigned (was: Untriaged)
You are probably looking for a change made after 408064 (known good), but no later than 408071 (first known bad).
CHANGELOG URL:
  https://chromium.googlesource.com/chromium/src/+log/e8d5056..32dad58?pretty=fuller

looks like https://codereview.chromium.org/2075103002 -> lshang

Comment 4 by wfh@chromium.org, Sep 12 2016

Labels: -Needs-Bisect

Comment 5 by wfh@chromium.org, Sep 12 2016

Labels: -M-55 -ReleaseBlock-Dev ReleaseBlock-Stable M-54
This CL was initially in 54.0.2810.0 so it's actually in M54 already? Please address this as soon as possible since this seems like quite a serious regression to me.

Comment 6 by raymes@chromium.org, Sep 13 2016 

Thanks for catching. lshang@ I think we should probably revert the cookies change on ToT and merge the fix to M54. 

We should investigate why this is happening though, as discussed.
Project Member

Comment 7 by sheriffbot@chromium.org, Sep 13 2016

Labels: Security_Impact-Beta

Comment 9 by msramek@chromium.org, Sep 13 2016 

The revert has landed - let's see if it fixed OP's problem when it gets to Canary and merge it.

The migration to origin scoping has been reverted much earlier, so there's nothing more to do there. But we might want to consider doing backwards migration (on the same heuristic principle - assuming that all non-wildcard exceptions are wrong) to fix it retrospectively for users like the bug reporter.

More importantly, we could take advantage of these changes and of what we have learned from the problems with the migration, and finally get the cookie scoping right - and that's not to ContentSettingsPattern::FromUrl(), but to the eTLD+1.

Comment 10 by lshang@chromium.org, Sep 15 2016

Labels: Merge-Request-54
Requesting merge of #8 to M54. We did some migration in M54 and this cookie bug occurred due to the migration. This revert fix has been verified on Canary. Merging it to M54 so that the bug won't go into stable.

Comment 11 by dimu@chromium.org, Sep 15 2016

Labels: -Merge-Request-54 Merge-Approved-54 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M54 (branch: 2840)
Project Member

Comment 12 by bugdroid1@chromium.org, Sep 15 2016

Labels: -merge-approved-54 merge-merged-2840
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8f5dd2a6fd71dbf05fcd87524d3a53aa3b9696c8

commit 8f5dd2a6fd71dbf05fcd87524d3a53aa3b9696c8
Author: Raymes Khoury <raymes@chromium.org>
Date: Thu Sep 15 02:43:04 2016

Revert cookies back to be domain scoped

Revert cookie scoping back to domain-based.

BUG= 645745 

Review-Url: https://codereview.chromium.org/2337873002
Cr-Commit-Position: refs/heads/master@{#418233}
(cherry picked from commit 88f013bd979ec30333bd7ce6c0bd2e0b5f6f2742)

Review URL: https://codereview.chromium.org/2342743002 .

Cr-Commit-Position: refs/branch-heads/2840@{#372}
Cr-Branched-From: 1ae106dbab4bddd85132d5b75c670794311f4c57-refs/heads/master@{#414607}

[modify] https://crrev.com/8f5dd2a6fd71dbf05fcd87524d3a53aa3b9696c8/chrome/browser/browsing_data/cookies_tree_model_unittest.cc
[modify] https://crrev.com/8f5dd2a6fd71dbf05fcd87524d3a53aa3b9696c8/chrome/browser/content_settings/host_content_settings_map_unittest.cc
[modify] https://crrev.com/8f5dd2a6fd71dbf05fcd87524d3a53aa3b9696c8/components/content_settings/core/browser/content_settings_registry.cc
[modify] https://crrev.com/8f5dd2a6fd71dbf05fcd87524d3a53aa3b9696c8/components/content_settings/core/browser/host_content_settings_map.cc
[modify] https://crrev.com/8f5dd2a6fd71dbf05fcd87524d3a53aa3b9696c8/components/content_settings/core/browser/website_settings_info.h
Project Member

Comment 13 by sheriffbot@chromium.org, Sep 15 2016

Status: Fixed (was: Assigned)
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 14 by sheriffbot@chromium.org, Sep 16 2016

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 15 by awhalley@chromium.org, Sep 23 2016

Labels: reward-topanel

Comment 16 by raymes@chromium.org, Sep 26 2016 

Note that this affected a very specific UI path - it was still possible to block cookies through several other UI entrypoints.

Comment 17 by awhalley@chromium.org, Oct 7 2016

Labels: -ReleaseBlock-Stable

Comment 18 by awhalley@chromium.org, Oct 16 2016

Labels: -reward-topanel reward-unpaid reward-500

Comment 19 by awhalley@chromium.org, Oct 16 2016

Labels: -Security_Severity-High Security_Severity-Medium
Congratulations, the panel decided to award $500 for this bug.  A member of our finance team will be in touch shortly.

*** Boilerplate reminders! ***
Please do NOT publicly disclose details until a fix has been released to all our users. Early public disclosure may cancel the provisional reward. Also, please be considerate about disclosure when the bug affects a core library that may be used by other products. Please do NOT share this information with third parties who are not directly involved in fixing the bug. Doing so may cancel the provisional reward. Please be honest if you have already disclosed anything publicly or to third parties. Lastly, we understand that some of you are not interested in money. We offer the option to donate your reward to an established charity. If you prefer this option, let us know and we will also match your donation - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing.
*********************************

Comment 20 by awhalley@chromium.org, Oct 16 2016

Labels: reward-inprocess

Comment 21 by awhalley@chromium.org, Oct 16 2016

Labels: -reward-unpaid
Project Member

Comment 23 by sheriffbot@chromium.org, Dec 22 2016

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment