
Issue 828507


Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Apr 2018
Cc:
Components:
EstimatedDays: 2
NextAction: ----
OS: Linux , iOS , Chrome , Mac
Pri: 2
Type: Task




Validate rp ID hash before sending response to the relying party

Project Member Reported by hongjunchoi@chromium.org, Apr 3 2018

Issue description

In order to prevent a malicious RP from hijacking the response from the authenticator, always check the RP ID hash received from the authenticator against the RP ID of the requested RP.
 
Status: Started (was: Assigned)
Project Member

Comment 2 by bugdroid1@chromium.org, Apr 18 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/23bef1af56eb0c989fb2572be4ce04d3477cc8be

commit 23bef1af56eb0c989fb2572be4ce04d3477cc8be
Author: Jun Choi <hongjunchoi@chromium.org>
Date: Wed Apr 18 19:49:42 2018

Check RP ID hash returned from CTAP tokens

The CTAP HID transport protocol uses a 4 byte channel ID to check that the
message sent by the authenticator is only received and processed by the
correct client process. On the other hand, the CTAP BLE transport protocol
defines no such mechanism to differentiate incoming BLE fragments. This,
under some circumstances, enables relying parties to receive a
response from an authenticator that was intended for a different site.

In order to prevent a malicious RP from receiving an authenticator response
intended for a different site, check the relying party ID hash returned from
the authenticator in MakeCredential and GetAssertion
responses.

Bug: 828507
Change-Id: I3b743fc9b9f79284ab4b979d17c75ccc9e5a889c
Reviewed-on: https://chromium-review.googlesource.com/1004118
Commit-Queue: Jun Choi <hongjunchoi@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#551789}
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/content/browser/webauth/webauth_browsertest.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/attestation_object.h
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/authenticator_data.h
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/authenticator_get_assertion_response.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/authenticator_get_assertion_response.h
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/authenticator_make_credential_response.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/authenticator_make_credential_response.h
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/fido_test_data.h
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/get_assertion_handler_unittest.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/get_assertion_task.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/get_assertion_task_unittest.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/make_credential_handler_unittest.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/make_credential_task.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/make_credential_task_unittest.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/response_data.cc
[modify] https://crrev.com/23bef1af56eb0c989fb2572be4ce04d3477cc8be/device/fido/response_data.h
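The check the issue description and the commit message describe, as an added illustration in Python rather than Chromium's C++ (this is not code from the Chromium tree): the client knows which RP ID it asked the authenticator to operate on, recomputes SHA-256 of that RP ID, and refuses any response whose authenticatorData carries a different rpIdHash. The authenticatorData layout (32-byte rpIdHash, 1-byte flags, 4-byte big-endian signCount) is the WebAuthn one; the fixture bytes and the `make_authenticator_data` helper are constructed here and stand in for what an authenticator would return.

```python
import hashlib
import hmac
import struct

# authenticatorData layout (WebAuthn spec, section 6.1):
#   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | optional data
RP_ID_HASH_LEN = 32
FLAGS_LEN = 1
SIGN_COUNT_LEN = 4
FIXED_HEADER_LEN = RP_ID_HASH_LEN + FLAGS_LEN + SIGN_COUNT_LEN  # 37

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_AT = 0x40  # attested credential data follows (MakeCredential responses)
FLAG_ED = 0x80  # extension data follows


class RpIdMismatch(Exception):
    """The authenticator produced this response for a different RP ID."""


def rp_id_hash(rp_id: str) -> bytes:
    """SHA-256 of the RP ID, which is what the authenticator places in rpIdHash."""
    return hashlib.sha256(rp_id.encode("utf-8")).digest()


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed authenticatorData header; the variable tail is returned untouched."""
    if len(auth_data) < FIXED_HEADER_LEN:
        raise ValueError(f"authenticatorData too short: {len(auth_data)} < {FIXED_HEADER_LEN}")
    flags = auth_data[RP_ID_HASH_LEN]
    (sign_count,) = struct.unpack(">I", auth_data[RP_ID_HASH_LEN + FLAGS_LEN:FIXED_HEADER_LEN])
    return {
        "rp_id_hash": auth_data[:RP_ID_HASH_LEN],
        "flags": flags,
        "sign_count": sign_count,
        "tail": auth_data[FIXED_HEADER_LEN:],
    }


def check_response(requested_rp_id: str, auth_data: bytes) -> dict:
    """Accept the response only if its rpIdHash matches the RP ID this client requested.

    Over CTAP HID the channel ID already ties a response to one client; over BLE
    nothing does, so without this check a response produced for another site could
    be handed to whichever RP happens to be waiting. The constant-time compare avoids
    leaking how many leading bytes of the hash matched.
    """
    parsed = parse_authenticator_data(auth_data)
    expected = rp_id_hash(requested_rp_id)
    if not hmac.compare_digest(parsed["rp_id_hash"], expected):
        raise RpIdMismatch(
            f"rpIdHash {parsed['rp_id_hash'].hex()} does not match SHA-256({requested_rp_id!r})"
        )
    return parsed


def make_authenticator_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed fixture standing in for an authenticator's output (no attested credential data)."""
    return rp_id_hash(rp_id) + bytes([flags]) + struct.pack(">I", sign_count)


def response_is_for(requested_rp_id: str, auth_data: bytes) -> bool:
    """Boolean form of check_response, for callers that just need accept/reject."""
    try:
        check_response(requested_rp_id, auth_data)
        return True
    except RpIdMismatch:
        return False


if __name__ == "__main__":
    # Response genuinely produced for example.com: accepted.
    own = make_authenticator_data("example.com", FLAG_UP | FLAG_UV, sign_count=7)
    print("own response accepted:", response_is_for("example.com", own))
    # Response produced for another site arriving on this client's BLE link: rejected.
    stray = make_authenticator_data("other.example", FLAG_UP, sign_count=3)
    print("stray response accepted:", response_is_for("example.com", stray))
```

For a GetAssertion response the authenticatorData is available directly; for a MakeCredential response it sits inside the CBOR attestation object under the `authData` key, so the caller extracts those bytes first and then runs the same check. The point of doing the comparison in the client, before the response is handed to the relying party, is that the RP never sees data the authenticator produced for another origin.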

Status: Fixed (was: Started)
Labels: Merge-Request-67
Requesting merge of https://chromium-review.googlesource.com/c/chromium/src/+/1004118 to M 67. 
Project Member

Comment 5 by sheriffbot@chromium.org, Apr 20 2018

Labels: -Merge-Request-67 Merge-Approved-67 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M67. Please go ahead and merge the CL to branch 3396 manually. Please contact milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by gov...@chromium.org, Apr 20 2018

Pls merge your change to M67 branch 3396 ASAP so we can pick it up for next M67 Dev/Beta release. Thank you.
Project Member

Comment 7 by bugdroid1@chromium.org, Apr 20 2018

Labels: -merge-approved-67 merge-merged-3396
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b5e593df9311d156b2331764dfc414a7c9ee01b2

commit b5e593df9311d156b2331764dfc414a7c9ee01b2
Author: Jun Choi <hongjunchoi@chromium.org>
Date: Fri Apr 20 17:59:06 2018

Check RP ID hash returned from CTAP tokens

The CTAP HID transport protocol uses a 4 byte channel ID to check that the
message sent by the authenticator is only received and processed by the
correct client process. On the other hand, the CTAP BLE transport protocol
defines no such mechanism to differentiate incoming BLE fragments. This,
under some circumstances, enables relying parties to receive a
response from an authenticator that was intended for a different site.

In order to prevent a malicious RP from receiving an authenticator response
intended for a different site, check the relying party ID hash returned from
the authenticator in MakeCredential and GetAssertion
responses.

Bug: 828507
Change-Id: I3b743fc9b9f79284ab4b979d17c75ccc9e5a889c
Reviewed-on: https://chromium-review.googlesource.com/1004118
Commit-Queue: Jun Choi <hongjunchoi@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#551789}
(cherry picked from commit 23bef1af56eb0c989fb2572be4ce04d3477cc8be)
Reviewed-on: https://chromium-review.googlesource.com/1022017
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/branch-heads/3396@{#166}
Cr-Branched-From: 9ef2aa869bc7bc0c089e255d698cca6e47d6b038-refs/heads/master@{#550428}
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/content/browser/webauth/webauth_browsertest.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/attestation_object.h
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/authenticator_data.h
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/authenticator_get_assertion_response.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/authenticator_get_assertion_response.h
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/authenticator_make_credential_response.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/authenticator_make_credential_response.h
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/fido_test_data.h
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/get_assertion_handler_unittest.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/get_assertion_task.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/get_assertion_task_unittest.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/make_credential_handler_unittest.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/make_credential_task.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/make_credential_task_unittest.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/response_data.cc
[modify] https://crrev.com/b5e593df9311d156b2331764dfc414a7c9ee01b2/device/fido/response_data.h
