Window title contains page title text from incognito mode tab
Reported by
juho.tyk...@gmail.com,
Oct 11 2016
|
||
Issue descriptionPRIVACY ISSUE Window title contains page title text from incognito mode tab and that is obtainable with different ways from 3rd party applications or operating system itself. VERSION: Chromium Version: Chromium 53.0.2785.143 stable Operating System: Debian GNU/Linux 8.6 kernel 3.16.0-4-amd64 REPRODUCTION STEPS (Linux, X.org) Install and run xdotool to obtain active window name. Make it run every 2 seconds (watch's default): $ watch xdotool getactivewindow getwindowname Start Chromium and open incognito mode and resize browser window to smaller size so you can see terminal (watch output) and browser at a same time. Browse to some veiled site and see window title in terminal. REPRODUCTION STEPS (Windows 7+) https://code.msdn.microsoft.com/windowsapps/How-to-get-the-title-of-4ec7f32f
,
Oct 12 2016
I agree: https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- Also you could still capture the title and content of the incognito mode window, capture URLs, etc. |
||
►
Sign in to add a comment |
||
Comment 1 by elawrence@chromium.org
, Oct 11 2016