bluetooth::mojom::AdapterFactory is available to any renderer without permission checks

Issue description: ChromeContentBrowserClient::InitFrameInterfaces exposes bluetooth::mojom::AdapterFactory[1] to all RenderFrames. This interface provides full bluetooth access without permission checks. This interface is intended to only be used by webui.

[1] https://cs.chromium.org/chromium/src/chrome/browser/chrome_content_browser_client.cc?type=cs&q=ChromeContentBrowserClient::InitFrameInterfaces&sq=package:chromium&l=3288
Jul 19 2017
Jul 19 2017
Jul 19 2017
That's a sandbox escape if all bluetooth access is available and should not be. Assigning to ben@ who added that code. It was added on June 20th, 2017 so I do not believe this change is in M-60, which branched on Thu, May 25, 2017 PT.
Jul 19 2017
Jul 19 2017
fwiw: ben's patch just moved things around without introducing any new bugs. The original patch landed in September of last year: https://crrev.com/2357383002. Assigning to scheib for triage.
Jul 19 2017
Jul 19 2017
Jul 26 2017
Aug 23 2017
Sep 6 2017
Sep 17 2017
We commit ourselves to a 60 day deadline for fixing for high severity vulnerabilities, and have exceeded it here. If you're unable to look into this soon, could you please find another owner or remove yourself so that this gets back into the security triage queue? For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 18 2017
Nov 3 2017
scheib@ -- friendly ping from the security sheriff. can you please share an update on this high priority security bug? thanks.
Nov 3 2017
There is a patch in progress.
Nov 9 2017
scheib: any updates on the in-progress patch? Thanks!
Nov 10 2017
Stalled since Nov 3 with non-code obligations.
Nov 29 2017
Friendly ping. :) We've blown our fix deadline, and the CL has been quiescent for 12 days. We really need to get this nailed down. Thank you!
Nov 29 2017
Nov 29 2017
Patch needs cleanup and build rules scrutiny, but is progressing and now functional. I've gotten it unblocked on the mojo changes that were blocking the refactor.
Dec 5 2017
Dec 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/dbe693beefc371f59a6561d6113ddc0c5af76889

commit dbe693beefc371f59a6561d6113ddc0c5af76889
Author: Vincent Scheib <scheib@chromium.org>
Date: Wed Dec 06 00:54:18 2017

bluetooth: internals page: Refactor instantiation of Bluetooth service.

Moves ability to create the //device/bluetooth/public/interfaces Adapter to chrome/browser/ui/webui/bluetooth_internals/bluetooth_internals_handler.cc instead of chrome/browser/chrome_content_browser_client.cc

//chrome/browser/ui/webui/bluetooth_internals target created to allow visibility of //device/bluetooth/public/interfaces:deprecated_experimental_interfaces to be restricted precisely to the single allowed client. Numerous build files adjusted as needed to enforce that visibility restriction and clearly document that the interfaces are only intended to be used by bluetooth-internals.

Bug: 746132
Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
Change-Id: Idcaa51d1ed4fb818bd3d8ae617e41a28eabfcb44
Reviewed-on: https://chromium-review.googlesource.com/775782
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Commit-Queue: Vincent Scheib <scheib@chromium.org>
Cr-Commit-Position: refs/heads/master@{#521924}

[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/BUILD.gn
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/browser_resources.grd
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/chrome_content_browser_manifest_overlay.json
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/resources/bluetooth_internals/adapter_broker.js
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/resources/bluetooth_internals/bluetooth_internals.html
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/BUILD.gn
[add] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/webui/bluetooth_internals/BUILD.gn
[add] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/webui/bluetooth_internals/OWNERS
[add] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/webui/bluetooth_internals/bluetooth_internals.mojom
[add] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/webui/bluetooth_internals/bluetooth_internals_handler.cc
[add] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/webui/bluetooth_internals/bluetooth_internals_handler.h
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/webui/bluetooth_internals/bluetooth_internals_ui.cc
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/browser/ui/webui/bluetooth_internals/bluetooth_internals_ui.h
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/chrome/test/data/webui/bluetooth_internals_browsertest.js
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/device/BUILD.gn
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/device/bluetooth/BUILD.gn
[delete] https://crrev.com/9d0c82f471d7dfe177f059f9265f4919912823c1/device/bluetooth/adapter_factory.cc
[delete] https://crrev.com/9d0c82f471d7dfe177f059f9265f4919912823c1/device/bluetooth/adapter_factory.h
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/device/bluetooth/public/interfaces/BUILD.gn
[modify] https://crrev.com/dbe693beefc371f59a6561d6113ddc0c5af76889/device/bluetooth/public/interfaces/adapter.mojom
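The commit above fixes the exposure by moving the Adapter binding out of the frame-interface registry and then using GN target visibility so that nothing except the bluetooth-internals WebUI can even link against the mojom bindings. The fragment below is an added illustration of that build-level guard, not the contents of the Chromium BUILD.gn files in the commit; the target bodies, source lists and the exact visibility pattern are assumptions, and the "before" and "after" targets are alternative versions of the same target shown side by side, not two targets that would coexist in one file.

```gn
# Added illustrative example; not the project's own BUILD.gn files.
# Target bodies and source lists below are assumptions.

# --- //device/bluetooth/public/interfaces/BUILD.gn (assumed) ---
import("//mojo/public/tools/bindings/mojom.gni")

# Before: no visibility list. Any target in the tree may depend on these
# bindings, so a generic frame-interface registry that serves every
# renderer can bind the Adapter without anyone noticing at build time.
mojom("deprecated_experimental_interfaces") {
  sources = [ "adapter.mojom" ]
}

# After: the only target allowed to depend on the bindings is the WebUI
# handler. GN enforces this at `gn gen` time and fails with a visibility
# error for any other target that lists this label in its deps, so a
# browser-wide registry cannot be wired to the interface again by mistake.
mojom("deprecated_experimental_interfaces") {
  sources = [ "adapter.mojom" ]
  visibility = [ "//chrome/browser/ui/webui/bluetooth_internals:*" ]
}

# --- //chrome/browser/ui/webui/bluetooth_internals/BUILD.gn (assumed) ---
# The single allowed client: the chrome://bluetooth-internals handler,
# which binds the Adapter only for that WebUI page.
source_set("bluetooth_internals") {
  sources = [
    "bluetooth_internals_handler.cc",
    "bluetooth_internals_handler.h",
    "bluetooth_internals_ui.cc",
    "bluetooth_internals_ui.h",
  ]
  deps = [
    "//device/bluetooth/public/interfaces:deprecated_experimental_interfaces",
  ]
}
```

The visibility list is a compile-time control, not a runtime one: it stops code outside the WebUI from being built against the interface, but the handler that is allowed to depend on it must still bind the Adapter only for the chrome://bluetooth-internals WebUI and never register it with the per-frame interface set used for web content.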
Dec 6 2017
Dec 7 2017
Dec 15 2017
Dec 15 2017
This bug requires manual review: There is .grd file changes and we are only 38 days from stable. Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 18 2017
abdulsyed@ - good for M64
Dec 19 2017
Thanks awhalley@ and scheib@ - a large refactor worries me a bit at this stage. This also contains a grd change. Can we target this for M65 instead?
Dec 19 2017
Rejecting merge for M64. Seems like this has been around for a while (since July) and my recommendation is to wait until M65.
Jan 22 2018
Mar 6 2018
Mar 15 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by ortuno@chromium.org, Jul 19 2017. Components: Blink>Bluetooth