New issue
Advanced search Search tips

Issue 833063 link

Starred by 1 user

Issue metadata

Status: Duplicate
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug



Sign in to add a comment

Security: Browser crash is seen on dragging and dropping a downloaded file into the desktop on macOS

Reported by chromium...@gmail.com, Apr 14 2018

Issue description

VERSION
Chrome Version: 68.0.3397.0 (Official Build) canary (64-bit)
Operating System: macOS 10.12.6 Sierra

REPRODUCTION CASE
1. Load the testcase
2. Click on "Download"
3. Now, try dragging and dropping the downloaded file into your desktop by passing through the testcase page

Crash/c2d24f5a09286ea8
 
testcase.html
124 bytes View Download
Recording #2.mp4
603 KB View Download
Components: UI>Browser>Downloads
Labels: Security_Impact-Head OS-Mac
Labels: Security_Severity-Medium
Owner: ellyjo...@chromium.org
Status: Assigned (was: Unconfirmed)
Labels: M-66
Can someone please share the call stack on crash? 
Project Member

Comment 7 by sheriffbot@chromium.org, Apr 15 2018

Labels: -Security_Impact-Head Security_Impact-Beta
Project Member

Comment 8 by sheriffbot@chromium.org, Apr 15 2018

Labels: ReleaseBlock-Stable
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 9 by sheriffbot@chromium.org, Apr 15 2018

Labels: Pri-1
Mergedinto: 826632
Status: Duplicate (was: Assigned)
This crash is already known as issue 826632.
Can you please Cc me on that issue? Thanks!
Cc: pbomm...@chromium.org
Cc: sdy@chromium.org
Labels: -Restrict-View-SecurityTeam -Security_Severity-Medium -Security_Impact-Beta
#11: done

Stripping security tags - while this is a crash, it's not triggerable (or controllable) by page content; it is caused by and entirely localized to a logic error in browser-side UI code.
Labels: -Type-Bug-Security Type-Bug

Sign in to add a comment