Alert dialog shows the title of another tab
Issue description

Version: 56.0.2906.0 dev
OS: Linux

What steps will reproduce the problem?
(1) ??? (somehow got into this state)
(2) Have https://inbox.google.com/u/0/?pli=1 as a pinned tab.
(3) Visit https://github.com/WICG/web-share/issues/7#issuecomment-257659069
(4) Open devtools.
(5) alert('This is a GitHub alert')

What is the expected output?
The dialog is titled "github.com".

What do you see instead?
The dialog is titled "Inbox by Gmail". See screenshot.

I don't know how I got into this state. I can consistently reproduce this for that one tab; all the other tabs are fine. If I duplicate the tab, the duplicated tab also has this issue. But if I open a new tab and navigate to the same URL, the bug goes away. I think it will be hard to get back into this state.

Marking security because it may allow spoofing.
Nov 2 2016
The title of the alert is interesting. It should normally say "inbox.google.com says:". Is it possible that an extension called "Inbox by Gmail" is overriding the alert function and providing its own?
Nov 2 2016
Yeah I noticed that. I do have this extension installed: https://chrome.google.com/webstore/detail/inbox-by-gmail/pkclgpgponpjmpfokoepglboejdobkpl But I believe it's a Hosted App, not an Extension.
Nov 2 2016
Hosted App, extension, same thing for these purposes. JavaScriptDialogManager::GetTitle returns the name of the extension as the dialog title, but only if the origin url matches. In any case, this is disturbing because it seems like the extension system is mixing up WebContentses, perhaps? rdevlin.cronin, benwells, thoughts here?
Nov 3 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 3 2016
Devlin, I'm pretty flat out, could you look after this?
Nov 3 2016
I'm at an all-day workshop for today, but should be able to circle back tomorrow more fully - but a few quick thoughts: The fact that we're maybe mixing up web contents (or somehow getting this very wrong) is a little terrifying - and rather surprising. Maybe somehow with using processes when we shouldn't? But I don't think we group web/extension processes...hmmm. I think a stack trace here would be very useful in seeing which flow this is all going through to open the alert and tracking down where it goes wrong - avi/mgiuca, any chance of uploading one? Or is this only reproable on a real chrome?
Nov 3 2016
#11 This isn't reproable at all. It just happened once. It remained in a consistent state until I closed the tab. I wish I'd've logged the process IDs for those tabs (to see if the renderers were shared) but they're long gone. Sorry. We might just have to leave this bug to see if it shows up again.
Nov 17 2016
avi: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 1 2016
avi: Uh oh! This issue is still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 8 2016
Moving to ReleaseBlock-Stable so this still gets tracked in the milestone
Dec 16 2016
avi@ - are you best placed to take a look at this?
Dec 16 2016
We have no repro, no hints as to what happened, no idea what's going on here. If it'll help I can close this as WontFix.
Dec 19 2016
Thanks avi@. Closing as WontFix. mgiuca@ - please file a new issue if you can find a way to reproduce this. Cheers!
Mar 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mgiuca@chromium.org, Nov 2 2016 (attachment, 170 KB)