Need a permission warning for chrome extension API system.storage
Reported by
tom.k.hi...@gmail.com,
May 28 2017
|
||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Steps to reproduce the problem: 1. Install the extension 2. The extension does not show any security warnings 3. If any removable storage is inserted it will immediately be ejected What is the expected behavior? A warning is shown when installing the extension that the extension could eject media. What went wrong? There is no warning this could be used to affect users by sending data about removable media to the owner of the extension and ejecting them while in use. This could damage files on the storage media or interrupt usage of the device. Did this work before? No Does this work in other browsers? N/A Chrome version: 58.0.3029.110 Channel: stable OS Version: 10.0 Flash Version:
,
May 31 2017
,
Jun 2 2017
I agree there should be a warning for this. There's no reason the system storage API shouldn't have one. srahim@, can you help us wordsmith a bit? :) The documentation for the API is at https://developer.chrome.com/extensions/system_storage, and the short version is that this lets the extension query and eject connected storage devices.
,
Jun 7 2017
,
Jun 9 2017
Maybe something like • Query and Eject storage devices.
,
Jun 22 2017
Devlin & I discussed and we propose "Identify and eject storage devices" for the permission string.
,
Jun 22 2017
,
Jun 24 2017
Sounds good.
,
Aug 24 2017
crbug was down at the time, but revision c851bb7638c6e07be84af43fef43afd769e62d6e adds this permission. Closing this out. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by jbanavatu@chromium.org
, May 31 2017Components: Platform>Extensions>API
Labels: M-60
Status: Untriaged (was: Unconfirmed)