New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 2 users
Status: Fixed
Owner:
Ooo until EOY 2017. Assign no bugs.
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security



Sign in to add a comment
Security: Field validation bubbles can appear over the wrong tab
Reported by chromium...@gmail.com, Apr 20 2017 Back to list
VERSION
Chrome Version: Canary 60.0.3076.0
Operating System: Windows 7

REPRODUCTION CASE
1. Open testcase.html.
2. Click on the button and observe.

From  bug 673163  and  bug 704560 .
 
screenshot.png
154 KB View Download
testcase.html
3.4 KB View Download
Components: Blink>Forms>Validation
Status: Untriaged
Confirmed.
 Issue 713477  has been merged into this issue.
Comment 3 by meacer@chromium.org, Apr 20 2017
Labels: Security_Severity-Medium Security_Impact-Head OS-All
Owner: tkent@chromium.org
Status: Assigned
tkent: Can you please take a look?
Comment 4 by tkent@chromium.org, Apr 21 2017
Cc: keishi@chromium.org
Status: Started
Oh, print()! interesting.


Project Member Comment 5 by bugdroid1@chromium.org, Apr 21 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9dbd356b0cc52911caef089b09de63572cd9e39f

commit 9dbd356b0cc52911caef089b09de63572cd9e39f
Author: tkent <tkent@chromium.org>
Date: Fri Apr 21 06:38:15 2017

window.print() should close form validation bubble.

Usually, window.open() deactivates the origin window and validation bubble on the
origin window is closed. However, if window.print() is executed, it suspends message
loop of the window, and deactivation isn't noticed until print dialog is closed.
So, we need to close validation popup explicitly for window.print().

BUG= 713686 

Review-Url: https://codereview.chromium.org/2834783002
Cr-Commit-Position: refs/heads/master@{#466273}

[modify] https://crrev.com/9dbd356b0cc52911caef089b09de63572cd9e39f/third_party/WebKit/Source/web/ChromeClientImpl.cpp
[modify] https://crrev.com/9dbd356b0cc52911caef089b09de63572cd9e39f/third_party/WebKit/Source/web/ChromeClientImpl.h
[modify] https://crrev.com/9dbd356b0cc52911caef089b09de63572cd9e39f/third_party/WebKit/Source/web/ValidationMessageClientImpl.cpp
[modify] https://crrev.com/9dbd356b0cc52911caef089b09de63572cd9e39f/third_party/WebKit/Source/web/ValidationMessageClientImpl.h

Project Member Comment 6 by sheriffbot@chromium.org, Apr 21 2017
Labels: M-59
Project Member Comment 7 by sheriffbot@chromium.org, Apr 21 2017
Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 8 by sheriffbot@chromium.org, Apr 21 2017
Labels: Pri-1
Verified on 60.0.3078.0. Thanks for the quick fix!
Project Member Comment 10 by sheriffbot@chromium.org, Apr 22 2017
Labels: -Security_Impact-Head Security_Impact-Beta
Comment 11 by tkent@chromium.org, Apr 23 2017
Labels: -ReleaseBlock-Beta -Security_Impact-Beta -M-59 Security_Impact-Stable Merge-Request-58 Merge-Request-59
Status: Fixed
This affects 58 stable.

Project Member Comment 12 by sheriffbot@chromium.org, Apr 23 2017
Labels: -Merge-Request-59 Hotlist-Merge-Approved Merge-Approved-59
Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 13 by sheriffbot@chromium.org, Apr 23 2017
Labels: -Merge-Request-58 Merge-Review-58 Hotlist-Merge-Review
This bug requires manual review: We are only 1 days from stable.
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 14 by sheriffbot@chromium.org, Apr 23 2017
Labels: -Merge-Request-59 Hotlist-Merge-Approved Merge-Approved-59
Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 15 Deleted
+awhalley@ for M58 merge review. Please note M58 is already in Stable and bar is VERY high to take any merges in for future stable refresh if any.
Please merge your change to M59 branch #3071 latest before 4:00 PM PT, Monday (04/24) so we can take it for next week last M59 dev release. Thank you.
Project Member Comment 18 by bugdroid1@chromium.org, Apr 24 2017
Labels: -merge-approved-59 merge-merged-3071
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/31455b249cf2737bf96ab751252b84e8c85b3804

commit 31455b249cf2737bf96ab751252b84e8c85b3804
Author: Kent Tamura <tkent@chromium.org>
Date: Mon Apr 24 00:59:15 2017

Merge "window.print() should close form validation bubble." to M59

Usually, window.open() deactivates the origin window and validation bubble on the
origin window is closed. However, if window.print() is executed, it suspends message
loop of the window, and deactivation isn't noticed until print dialog is closed.
So, we need to close validation popup explicitly for window.print().

BUG= 713686 

Review-Url: https://codereview.chromium.org/2834783002
Cr-Commit-Position: refs/heads/master@{#466273}
(cherry picked from commit 9dbd356b0cc52911caef089b09de63572cd9e39f)

Review-Url: https://codereview.chromium.org/2833303002 .
Cr-Commit-Position: refs/branch-heads/3071@{#151}
Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641}

[modify] https://crrev.com/31455b249cf2737bf96ab751252b84e8c85b3804/third_party/WebKit/Source/web/ChromeClientImpl.cpp
[modify] https://crrev.com/31455b249cf2737bf96ab751252b84e8c85b3804/third_party/WebKit/Source/web/ChromeClientImpl.h
[modify] https://crrev.com/31455b249cf2737bf96ab751252b84e8c85b3804/third_party/WebKit/Source/web/ValidationMessageClientImpl.cpp
[modify] https://crrev.com/31455b249cf2737bf96ab751252b84e8c85b3804/third_party/WebKit/Source/web/ValidationMessageClientImpl.h

Project Member Comment 19 by sheriffbot@chromium.org, Apr 24 2017
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -Merge-Review-58 Merge-Reject-58
No need to rush this into a 58 stable update.
Labels: -Merge-Reject-58 Merge-Rejected-58
Applying "Merge-Rejected-58" label per comment #20.
Labels: reward-topanel
Labels: -reward-topanel reward-unpaid reward-500
The panel decided to award $500 for this bug.  Thanks as ever!
Labels: -reward-unpaid reward-inprocess
Labels: M-59
Labels: -Hotlist-Merge-Review -Hotlist-Merge-Approved
Labels: Release-0-M59
Labels: CVE-2017-5079
Project Member Comment 30 by sheriffbot@chromium.org, Jul 31
Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sign in to add a comment