New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 705128 link

Starred by 1 user
Status: Available
Owner: ----
Cc:
nick@chromium.org
rdevlin....@chromium.org
creis@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Track which extensions have been uninstalled to have tighter security checks

Project Member Reported by creis@chromium.org, Mar 24 2017 
Some security checks look at extension URLs and want to distinguish between extensions that have been uninstalled and those that were never installed.  This matters because some aspects of an extension can stick around and continue to make requests after uninstallation, such as XHRs from content scripts or extension subframes.

If we keep track of which extensions have been uninstalled, Chrome can avoid treating these leftover actions as malicious.  This might help avoid unnecessary renderer kills, as we saw in issue 613335.

One example of a check that could benefit from this list is CheckOriginHeader in ChromeContentBrowserClientExtensionsPart.  In that case, it would be worth tracking not just which extensions were uninstalled, but also whether they were platform apps.
Project Member

Comment 1 by sheriffbot@chromium.org, Mar 28 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 2 by rdevlin....@chromium.org, Nov 30

Status: Available (was: Untriaged)
Still a good idea.

Sign in to add a comment