Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Issue 79862 Bypass extensions permission app launch web_url should not allow javascript: chrome:
Starred by 2 users Reported by, Apr 19 2011 Back to list
Status: Fixed
Closed: May 2011
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security

  • Only users with EditIssue permission may comment.

Sign in to add a comment
javascript:alert(document.domain) //chrome://newtab
chrome://appcache-internals/ xss
app access javascript.crx
543 bytes Download
app access chrome history.crx
529 bytes Download
Comment 1 by, Apr 19 2011
Go to chrome://newtab click "test"
Labels: -Pri-0 -Area-Undefined Pri-1 Area-Internals Feature-Extensions OS-All Mstone-11 SecSeverity-Medium
Status: Available
Thanks Kuzzcc.

1. Need to install extension. No popups since manifest has nothing except web_url.
2. Open new tab and click on the app icon. executes in context of chrome urls.
Status: Assigned
Comment 4 by, Apr 19 2011
Labels: -SecSeverity-Medium SecSeverity-Low
Given that this requires a malicious extension it's probably a low-severity issue.
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Status: WillMerge
Fixed in
Project Member Comment 6 by, Apr 20 2011
Cc: a deleted user
Did this one ever get merged?  We got another report of it in  bug 83010 .
Did not get merged, and just missed the M12 branch point. Erik, if you think it's safe at this late M12 stage, feel free to merge it (or give us permission to do so). It does seem to have had some bake time.
I believe this is safe to merge.  Please go ahead.
Comment 11 by, May 23 2011
Labels: ApprovedForMerge
Comment 12 by, May 23 2011
merged to m12 as r86313
Comment 13 by, May 23 2011
Status: FixUnreleased
Project Member Comment 14 by, May 23 2011
The following revision refers to this bug:

r86313 | | Mon May 23 11:47:01 PDT 2011

Changed paths:
 A (from /trunk/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_2.json revision 82297)
 A (from /trunk/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_1.json revision 82297)
 A (from /trunk/src/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_3.json revision 82297)

Merge 82297 - Make sure that extensions can launch web urls with web safe schemes only.
Reviewed in

BUG= 79862 
Review URL:
Review URL:
Labels: SecImpacts-Stable
Batch update.
Labels: -Restrict-View-SecurityNotify
Lifting view restrictions.
Status: Fixed
Project Member Comment 18 by, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 19 by, Mar 10 2013
Labels: -Type-Security -Area-Internals -Feature-Extensions -Mstone-11 -SecSeverity-Low -SecImpacts-Stable Cr-Platform-Extensions Security-Impact-Stable Security-Severity-Low Cr-Internals M-11 Type-Bug-Security
Project Member Comment 20 by, Mar 13 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member Comment 21 by, Mar 21 2013
Labels: -Security-Severity-Low Security_Severity-Low
Project Member Comment 22 by, Mar 21 2013
Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member Comment 23 by, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Project Member Comment 24 by, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Labels: allpublic
Sign in to add a comment