Meta bug: Enforce Site Isolation policy in the browser process |
||||||||||||||||||||||||||||||||||||||||||||||
Issue descriptionOnce some or all sites are given dedicated renderer processes (using --isolate-origins or --site-per-process, respectively), the browser process can enforce that only renderer processes locked to the correct site can access that site's data. This covers data such as cookies, passwords, localStorage, permissions, and other types of stored data. It also includes blocking other renderer processes from receiving documents from these sites (though not all network data, since images, scripts, CSS, etc are still allowed in any web renderer process). This is an umbrella bug to track the work to add enforcements for these properties in the browser process, so that an exploited renderer cannot access such data. ⛆ |
|
|
,
Nov 30 2017
,
Dec 5 2017
,
Dec 7 2017
,
Dec 7 2017
,
Dec 7 2017
,
Dec 11 2017
,
Dec 21 2017
,
Jan 17 2018
,
Jan 17 2018
,
Jan 17 2018
,
Jan 17 2018
,
Apr 12 2018
,
May 10 2018
,
May 24 2018
,
Jun 8 2018
,
Jun 14 2018
,
Jun 15 2018
,
Jun 21 2018
,
Jun 29 2018
,
Aug 7
,
Aug 15
,
Aug 15
,
Sep 20
,
Sep 22
,
Oct 11
,
Oct 23
,
Nov 14
,
Dec 3
,
Dec 17
,
Dec 19
,
Dec 21
,
Dec 21
,
Dec 21
,
Dec 21
,
Dec 21
,
Dec 27
,
Jan 2
,
Jan 3
,
Jan 4
,
Jan 10
,
Jan 14
,
Today
(22 hours ago)
|
|||||||||||||||||||||||||||||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||||||||||||||||||||||||||||||||
Comment 1 by creis@chromium.org
, Nov 18 2017