Issue 785034

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Sort out process privilege mismatch for uninstalled extensions

Project Member Reported by alex...@chromium.org, Nov 14 2017

Issue description

In issue 782349, I discovered that for an uninstalled extension, GetPrivilegeRequiredByUrl, used in ChromeContentBrowserClientExtensionsPart::IsSuitableHost, returns PRIV_EXTENSION for nonexistent extensions. However, navigating to an uninstalled extension URL won't actually end up in a PRIV_EXTENSION process, because ChromeContentBrowserClientExtensionsPart::SiteInstanceGotProcess doesn't associate that process with the extension ID in the ProcessMap for uninstalled extensions. This results in privilege mismatch between what we think is required for that URL and what we actually use.

It seems desirable to make these consistent by either (1) assigning PRIV_EXTENSION for nonexistent extensions in CCBCEP::SiteInstanceGotProcess, or (2) returning PRIV_NORMAL for nonexistent extensions from GetPrivilegeRequiredByUrl().  It's a little weird to mint a PRIV_EXTENSION process for an invalid extension URL, though maybe that consistency will help us avoid blocking CanCommitURL checks on this (i.e., we can still ensure that no chrome-extension:// URLs, even invalid ones, will commit in a PRIV_NORMAL process).

See more discussion on this at https://chromium-review.googlesource.com/c/chromium/src/+/762387/6/content/browser/renderer_host/render_process_host_unittest.cc#259.  I'm filing this to follow up on that.
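
The mismatch and the two proposed fixes, as an added example that is not part of the original report and is not Chromium code: a simplified model in which only `PRIV_NORMAL` and `PRIV_EXTENSION` come from the issue, and every other name (`Model`, `Policy`, `Required`, `Assigned`, and so on) is hypothetical. It assumes the extension ID is the host part of a `chrome-extension://` URL and reduces the ProcessMap to a set of installed IDs.

```cpp
#include <set>
#include <string>

// Simplified model, not Chromium code. Privilege names are from the issue;
// every other name here is hypothetical.
enum Privilege { PRIV_NORMAL, PRIV_EXTENSION };
enum Policy { CURRENT, OPTION_1, OPTION_2 };

const std::string kScheme = "chrome-extension://";

struct Model {
  Policy policy;
  std::set<std::string> installed;  // IDs of installed extensions

  static bool IsExtensionUrl(const std::string& url) {
    return url.compare(0, kScheme.size(), kScheme) == 0;
  }
  // Assumption: extension ID = host part of a chrome-extension:// URL.
  static std::string IdOf(const std::string& url) {
    std::string rest = url.substr(kScheme.size());
    return rest.substr(0, rest.find('/'));
  }
  // What the browser believes the URL needs (the IsSuitableHost side).
  Privilege Required(const std::string& url) const {
    if (!IsExtensionUrl(url)) return PRIV_NORMAL;
    if (policy == OPTION_2 && !installed.count(IdOf(url))) return PRIV_NORMAL;
    return PRIV_EXTENSION;
  }
  // What the process actually gets (the SiteInstanceGotProcess side).
  Privilege Assigned(const std::string& url) const {
    if (!IsExtensionUrl(url)) return PRIV_NORMAL;
    if (installed.count(IdOf(url)) || policy == OPTION_1) return PRIV_EXTENSION;
    return PRIV_NORMAL;
  }
  bool Consistent(const std::string& url) const {
    return Required(url) == Assigned(url);
  }
  // Invariant from the issue: no chrome-extension:// URL, even an invalid
  // one, ends up in a PRIV_NORMAL process.
  bool SchemeInvariantHolds(const std::string& url) const {
    return !IsExtensionUrl(url) || Assigned(url) == PRIV_EXTENSION;
  }
};
```

Both options make `Consistent` hold for an uninstalled ID, but only option (1) also keeps `SchemeInvariantHolds` true for it.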
 
Project Member

Comment 1 by sheriffbot@chromium.org, Nov 15

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot