chrome://predictors/ database cannot be cleared by clearing browsing data until after a restart |
|||
Issue descriptionPRIVACY ISSUE chrome://predictors/ shows all the predicted/pre-rendered URLs that were successful, and therefore leaks private information - both the phrases that the user typed and the URLs that were subsequently visited and prerendered. When clearing browsing data, it should delete it immediately, but it doesn't until after a restart - there is no indication of this in the UI, so the user will think the private data is deleted immediately, but it can still be seen by loading chrome://predictors/ VERSION: Chrome Version: 56.0.2924.3 dev, 57.0.2931.0 canary Operating System: Windows 7 64 bit REPRODUCTION STEPS 1. Open a new tab in Chrome. 2. Type ulv.no and press Enter. 3. When the page loads, close the tab. 4. Repeat steps 1-3 another two times, so that the URL gets added into the predictors list. 5. Verify that the URL is added into chrome://predictors (it will appear in green) 6. Menu - More tools - Clear browsing data... - From the beginning of time, Browsing history - Clear browsing data 7. Reload chrome://predictors The URL(s) and User Text should be removed, but instead they will remain visible. This is the privacy issue, since other users of the browser can still see the private data. 8. Restart Chrome and load chrome://predictors again Now the URLs will be correctly deleted from the list.
,
Nov 29 2016
The problem was that AutocompleteActionPredictor unsubscribed from HistoryService events after initialization. I submitted a cl for this http://crrev.com/2538763002
,
Dec 16 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6a66fa4f05011ff93f2f4f5466662af9c7b16b9a commit 6a66fa4f05011ff93f2f4f5466662af9c7b16b9a Author: dullweber <dullweber@chromium.org> Date: Fri Dec 16 09:42:02 2016 Data from the autocomplete predictor wasn't deleted immediately when deleting browsing history. The cleanup method DeleteOldEntries() only deleted the data on next start because the corresponding history entries didn't exist anymore. The problem is that the AutocompleteActionPredictor unsubscribes from HistoryService events and doesn't get notified about history deletion. The deletion method was added in this cl: http://crrev.com/773103004 but it was never called as OnHistoryServiceLoaded() removed the subscription after initialization. The same issue exists and is fixed in the ResourcePrefetchPredictor code. BUG= 668715 Review-Url: https://codereview.chromium.org/2538763002 Cr-Commit-Position: refs/heads/master@{#439077} [modify] https://crrev.com/6a66fa4f05011ff93f2f4f5466662af9c7b16b9a/chrome/browser/predictors/autocomplete_action_predictor.cc [modify] https://crrev.com/6a66fa4f05011ff93f2f4f5466662af9c7b16b9a/chrome/browser/predictors/autocomplete_action_predictor.h [modify] https://crrev.com/6a66fa4f05011ff93f2f4f5466662af9c7b16b9a/chrome/browser/predictors/autocomplete_action_predictor_unittest.cc [modify] https://crrev.com/6a66fa4f05011ff93f2f4f5466662af9c7b16b9a/chrome/browser/predictors/resource_prefetch_predictor.cc
,
Dec 20 2016
|
|||
►
Sign in to add a comment |
|||
Comment 1 by battre@chromium.org
, Nov 28 2016Labels: Hotlist-GoodFirstBug
Owner: zh...@chromium.org
Status: Assigned (was: Untriaged)