Flash and unsandboxed plugin access allowed on insecure HTTP sites
Reported by
93m4qau...@gmail.com,
Jan 25 2018
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 Steps to reproduce the problem: 1. Open an insecure HTTP site, e.g. http://www.userbenchmark.com/page/login 2. Click on the verbose chip, and then click on "Site settings". What is the expected behavior? Like location, camera, microphone, notifications, background sync, and MIDI devices, Flash and unsandboxed plugin access are blocked because the site is insecure. What went wrong? For some reason, Flash and unsandboxed plugin access are allowed on the site even though it is insecure HTTP. Did this work before? N/A Chrome version: 64.0.3282.119 Channel: stable OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: HSTS for the Entire Internet
,
Jan 29 2018
,
Jan 29 2018
As per comment #1, as this is a Feature request to block Flash and unsandboxed on an insecure HTTP page, marking this as Untriaged for further updates from Dev. Thanks.. |
|||
►
Sign in to add a comment |
|||
Comment 1 by elawrence@chromium.org
, Jan 25 2018Components: Security Internals>Plugins>Flash
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam allpublic Type-Feature