Issue 79862 Bypass extensions permission app launch web_url should not allow javascript: chrome:
Starred by 2 users. Reported by kuz...@gmail.com, Apr 19 2011
Status: Fixed
Closed: May 2011
OS: All
Pri: 1
Type: Bug-Security

javascript:alert(document.domain) //chrome://newtab
chrome://appcache-internals/ xss
 
Attachments:
  • app access javascript.crx (543 bytes)
  • app access chrome history.crx (529 bytes)
Comment 1 by kuz...@gmail.com, Apr 19 2011
Go to chrome://newtab click "test"
Labels: -Pri-0 -Area-Undefined Pri-1 Area-Internals Feature-Extensions OS-All Mstone-11 SecSeverity-Medium
Status: Available
Thanks Kuzzcc.

Preconditions:
1. Need to install extension. No popups since manifest has nothing except web_url.
2. Open new tab and click on the app icon. Executes in context of chrome URLs.
Owner: infe...@chromium.org
Status: Assigned
Comment 4 by jsc...@chromium.org, Apr 19 2011
Cc: erikkay%...@gtempaccount.com aa@chromium.org
Labels: -SecSeverity-Medium SecSeverity-Low
Given that this requires a malicious extension it's probably a low-severity issue.
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Status: WillMerge
Fixed in http://src.chromium.org/viewvc/chrome?view=rev&revision=82297
Project Member Comment 6 by bugdroid1@chromium.org, Apr 20 2011
Cc: a deleted user
Cc: jsc...@chromium.org cevans@chromium.org
Did this one ever get merged? We got another report of it in bug 83010.
Did not get merged, and just missed the M12 branch point. Erik, if you think it's safe at this late M12 stage, feel free to merge it (or give us permission to do so). It does seem to have had some bake time.
I believe this is safe to merge. Please go ahead.
Comment 11 by cdn@chromium.org, May 23 2011
Labels: ApprovedForMerge
Comment 12 by cdn@chromium.org, May 23 2011
merged to m12 as r86313
Comment 13 by cdn@chromium.org, May 23 2011
Status: FixUnreleased
Project Member Comment 14 by bugdroid1@chromium.org, May 23 2011
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=86313

------------------------------------------------------------------------
r86313 | cdn@chromium.org | Mon May 23 11:47:01 PDT 2011

Changed paths:
 A http://src.chromium.org/viewvc/chrome/branches/742/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_2.json?r1=86313&r2=86312&pathrev=86313 (from /trunk/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_2.json revision 82297)
 A http://src.chromium.org/viewvc/chrome/branches/742/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_1.json?r1=86313&r2=86312&pathrev=86313 (from /trunk/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_1.json revision 82297)
 D http://src.chromium.org/viewvc/chrome/branches/742/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type.json?r1=86313&r2=86312&pathrev=86313
 M http://src.chromium.org/viewvc/chrome/branches/742/src/chrome/common/extensions/extension_manifests_unittest.cc?r1=86313&r2=86312&pathrev=86313
 M http://src.chromium.org/viewvc/chrome/branches/742/src/chrome/common/extensions/extension.cc?r1=86313&r2=86312&pathrev=86313
 A http://src.chromium.org/viewvc/chrome/branches/742/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_3.json?r1=86313&r2=86312&pathrev=86313 (from /trunk/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_3.json revision 82297)

Merge 82297 - Make sure that extensions can launch web urls with web safe schemes only.
Reviewed in http://codereview.chromium.org/6879047.

BUG= 79862 
TEST=ExtensionManifestTest.AppLaunchURL
Review URL: http://codereview.chromium.org/6879077
Review URL: http://codereview.chromium.org/6990039
------------------------------------------------------------------------
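The check the merged commit message describes (launch URLs restricted to web-safe schemes), sketched as an added example; this is not Chromium's code and not part of the original thread. The `http`/`https` allowlist and the names `checkLaunchUrl`, `manifestFor` and `SAMPLES` are assumptions made for illustration.

```javascript
// Added example, not Chromium code. Validates app.launch.web_url in an
// extension manifest against a scheme allowlist.
// Assumption: "web safe" is taken to mean http and https only.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function checkLaunchUrl(manifestText) {
  let manifest;
  try {
    manifest = JSON.parse(manifestText);
  } catch (e) {
    return { ok: false, reason: "manifest is not valid JSON" };
  }
  const launch = manifest && manifest.app && manifest.app.launch;
  const webUrl = launch ? launch.web_url : undefined;
  if (webUrl === undefined) return { ok: true, reason: "no web_url" };
  if (typeof webUrl !== "string") {
    return { ok: false, reason: "web_url is not a string" };
  }
  let parsed;
  try {
    // The WHATWG parser lowercases the scheme and strips leading spaces and
    // embedded tabs/newlines, so "JavaScript:" and "java\tscript:" are both
    // seen as "javascript:" here, the same way a browser would see them.
    parsed = new URL(webUrl);
  } catch (e) {
    return { ok: false, reason: "web_url is not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: "scheme not allowed: " + parsed.protocol };
  }
  return { ok: true, reason: "ok" };
}

// Constructed manifests; the javascript: and chrome: URLs are the ones quoted in the report.
const manifestFor = (url) =>
  JSON.stringify({ name: "test", version: "1", app: { launch: { web_url: url } } });
const SAMPLES = [
  "https://example.com/app",
  "javascript:alert(document.domain) //chrome://newtab",
  "chrome://appcache-internals/",
  " JavaScript:void(0)",
  "/relative/path",
];
for (const url of SAMPLES) {
  console.log(JSON.stringify(url), checkLaunchUrl(manifestFor(url)));
}
```

Comparing the parsed scheme against an allowlist, rather than searching the raw string for `javascript:`, is what makes the case and whitespace variants fail the same way as the plain ones.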
Labels: SecImpacts-Stable
Batch update.
Labels: -Restrict-View-SecurityNotify
Lifting view restrictions.
Status: Fixed
Project Member Comment 18 by bugdroid1@chromium.org, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 19 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Type-Security -Area-Internals -Feature-Extensions -Mstone-11 -SecSeverity-Low -SecImpacts-Stable Cr-Platform-Extensions Security-Impact-Stable Security-Severity-Low Cr-Internals M-11 Type-Bug-Security
Project Member Comment 20 by bugdroid1@chromium.org, Mar 13 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member Comment 21 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Severity-Low Security_Severity-Low
Project Member Comment 22 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member Comment 23 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 24 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic