
Issue 766384


Issue metadata

Status: Duplicate
Merged: issue 761622
Owner: ----
Closed: Sep 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Security


Previous locations:
monorail:3065



MediaElement.captureStream allows exporting of cross-origin resources

Reported by tristan....@gmail.com, Sep 18 2017

Issue description

Vulnerability Details:
Please provide a brief explanation of the security issue.
Using the MediaElement captureStream on crossOrigin resources should throw a security error; it currently doesn't. This means that the security measures placed on other APIs (e.g. WebAudio or Canvas) can be defeated.


What steps will reproduce the problem?
(1) load a cross-origin media in 'media_elt1'
(2) set media1.captureStream resulting MediaStream as the source of 'media_elt2'
(3) draw 'media_elt2' on a canvas and call its `toDataURL` method


Please provide any additional information:

https://jsfiddle.net/w77z6w90/
 
Attachment: chrome bug.html (874 bytes)
I see my specs are not attached, so: reproduced on Chrome 61.0.3163.91 (Official Build) (64-bit) and 63.0.3218.0 (Official Build) canary (64-bit) on OS X Sierra.
Labels: -Security
Project: chromium
Moved issue monorail:3065 to now be issue chromium:766384.
Labels: -Type-Defect -Priority-High Security Pri-1 Type-Bug-Security
Status: Unconfirmed (was: New)
Components: Blink>SecurityFeature>SameOriginPolicy Blink>Media
Perhaps related to Issue 761622

Comment 6 by palmer@chromium.org, Sep 19 2017

Mergedinto: 761622
Status: Duplicate (was: Unconfirmed)
I'm pretty sure this is a duplicate of Issue 761622. I've CC'd you on that bug.
Yes it is a duplicate. Thanks for CC.

Comment 8 by sheriffbot@chromium.org, Jan 9 2018

Labels: allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
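
Added example, not part of the original report and not Chromium code: a small model of the origin-clean flag that shows why the three reproduction steps defeat the canvas check when `captureStream` neither throws nor carries taint forward. The class names, the `enforce` flag, the `mode` values and both origins are hypothetical and constructed for the illustration.

```javascript
// Toy model of origin-clean tracking; an illustration, not Blink code.
class SecurityError extends Error {}

class MediaElement {
  constructor(pageOrigin) { this.pageOrigin = pageOrigin; this.originClean = true; }
  load(resourceOrigin, corsApproved = false) {
    // A cross-origin resource loaded without CORS approval taints the element.
    this.originClean = resourceOrigin === this.pageOrigin || corsApproved;
    return this;
  }
  captureStream(enforce) {
    // Expected behaviour per the report: refuse to capture tainted media.
    if (enforce && !this.originClean) throw new SecurityError("captureStream: cross-origin media");
    // Reported behaviour: the stream carries no trace of where its data came from.
    return { originClean: true };
  }
  setSrcObject(stream) { this.originClean = stream.originClean; return this; }
}

class Canvas {
  constructor() { this.originClean = true; }
  drawImage(source) { if (!source.originClean) this.originClean = false; }
  toDataURL() {
    if (!this.originClean) throw new SecurityError("toDataURL: tainted canvas");
    return "data:,CONSTRUCTED"; // constructed stand-in for pixel data
  }
}

// mode: "direct" draws media_elt1 itself; "reported" and "expected" go through
// captureStream into media_elt2, without and with the check.
function exportFrame(resourceOrigin, mode) {
  const page = "https://page.example"; // constructed origin
  try {
    const elt1 = new MediaElement(page).load(resourceOrigin);
    const source = mode === "direct" ? elt1
      : new MediaElement(page).setSrcObject(elt1.captureStream(mode === "expected"));
    const canvas = new Canvas();
    canvas.drawImage(source);
    canvas.toDataURL();
    return "exported";
  } catch (e) {
    if (e instanceof SecurityError) return "blocked at " + e.message;
    throw e;
  }
}
```

A regression test for the real fix would assert the same outcomes in a browser: the cross-origin case must fail before pixel data can be read, while same-origin media keeps working.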
