Security: single point of failure for closing tabs with agressive memory caching
Reported by
jack.mat...@gmail.com,
Apr 4 2018
|
|||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com /chromium/src/+/master/docs/security/faq.md Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs NOTE: Security bugs are normally made public once a fix has been widely deployed. VULNERABILITY DETAILS there needs to be an easier way to completely stop chrome on mobile. When a site is hacked, they take over tab controls and there's no way to close the page. I am closing the Chrome app and even restarting my freaking phone but it's pulling up my old session. I'm having to uninstall the Chrome browser, reinstall it and then update it to start back over. Your striving for convenience is probably forcing noobs to fall for malicious popups because there's no easy way to start with a clean session. Here's a quick fix: when I am going out of my way to close the chrome app in the drawer, do me a solid and drop everything from memory. I am probably frustrated at that point. It's not an exploit per se. This behavior of not ever killing pages is a bad design. When in app tab UI isn't able to be accessed, it is beyond frustrating. It is a weak link. VERSION Chrome Version: [65] + [stable] Operating System: [Android] REPRODUCTION CASE Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: [tab, browser, etc.] Crash State: [see link above: stack trace *with symbols*, registers, exception record] Client ID (if relevant): [see link above]
,
Apr 4 2018
Change issue type from Bug-Security to Bug, since it is not a vulnerability per se.
,
Apr 4 2018
Thanks you for the right triage. It's interesting to see tab behavior is an ongoing conversation based on other reports. I guess after reading over the other reports, I just want to submit to mind that I'm concerned over the difficulty of "starting over" when you land on a hacked site. On a phone, I take steps that I believe should drop any memory on my phone and that is not happening. I do not mind at all if I have to navigate back to other open tabs that are not hacked as long as I can easily abort the page that has hijacked the UI.
,
Apr 5 2018
,
Apr 5 2018
Assuming this issue as Feature Request as per the original comment, updating the issue accordingly so that the issue gets resolved.
,
Apr 5 2018
Lol, if you think this sounds like a feature request, I feel you guys need to reconsider how myopic you've become about performance over everything else. This is dangerous browser behavior
,
Apr 5 2018
I just did research with a few "non-techie" folks and tab management is clearly a design problem. My ol' man had 99 tabs open and has been trying to close them all for a while without realizing the "close all tabs" option is in the hamburger icon with special options that only show after you tap a tab. When a hacker is taking control of a tab somewhere in there, have mercy on the folks who can't closing the freaking browser now. Go open your folks' phone browser and see how many tabs they have open. Then consider if keeping tabs open all the time is really all that helpful to anyone.
,
Apr 6 2018
Be warned though. You can't unsee tabs that people thought were closed from a while ago :( Use your imagination :(
,
Apr 6 2018
Please let me know when yall catch up.
,
May 10 2018
We are launching something in the next stable version of Chrome that should help. We are making javascript popups not block the app. They'll be shown only on the tab, but you'll be able to access the tab switcher and close the tab instead of it blocking all of Chrome. Also when launching Chrome after it has been killed from Chrome, we do not restore tabs except for the most recent one. Even if your tab switcher count shows 99, it will likely only have a single tab alive at a time. As for close all, we are investigating making that more visible as well. We need to balance the visibility of it though because we don't want people to accidentally close all of their tabs by mistake. I feel the spammy popups are going to be the largest source of your pain and that is something that should get better in the next release. https://bugs.chromium.org/p/chromium/issues/detail?id=687010 I'm going to close this bug out because I believe this is being actively addressed. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by jack.mat...@gmail.com
, Apr 4 2018