Security: Service Worker generated logs (network and console) shared between web pages running on different ports
Reported by
bharat.s...@gmail.com,
Apr 20 2018
Issue description

Service Worker Bug

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS
When running multiple web apps on different ports on localhost with service worker installed on one, the service worker network logs and console logs were visible on all the tabs running different sites. I was running a web page on Localhost:8888 with service worker installed and another web page on localhost:3000. The Network and console logs generated by the service worker were shared between the two tabs. I even tried using a different port 19001 which is for react-native remote debugging and it had the same result. Using a Workbox 2.x generated service worker. Service worker differentiates the domain name and works under its scope but I guess it doesn't follow this rule when web pages are working on a different port.

VERSION
Chrome Version: Version 65.0.3325.181 (Official Build) (64-bit)
Operating System: MAC OS Sierra 10.13.2 (17C88)
Security_Severity: Medium
Security_Impact: Medium

REPRODUCTION CASE
I have attached the screenshots of the reproducible case. It was happening for every port and the issue was reproducible 100% of the time.
,
Apr 20 2018
I am not convinced that this is a security bug. DevTools team -- can you please comment on whether this is WAI or if it's a bug? Potentially a Security_Severity-Medium so applying that for now.
,
Apr 20 2018
paulirish@ -- assigning you as the owner for triage. Please feel free to assign it to someone else who may be able to triage this more appropriately.
,
May 4 2018
eostroukhov: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
,
May 8 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0b887fb9fe13e3a647ee2cc7b9a36c02beec3fd1

commit 0b887fb9fe13e3a647ee2cc7b9a36c02beec3fd1
Author: Eugene Ostroukhov <eostroukhov@chromium.org>
Date: Tue May 08 00:58:03 2018

DevTools: associate SW based on origin

Bug: 835150
Change-Id: Ic13db9c50bcfb46adcf5118bdfbd85be11347153
Reviewed-on: https://chromium-review.googlesource.com/1048412
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#556630}

[modify] https://crrev.com/0b887fb9fe13e3a647ee2cc7b9a36c02beec3fd1/content/browser/devtools/protocol/target_auto_attacher.cc
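The commit title above says the association is made by origin. As an added example (not Chromium's DevTools code, and not part of the original thread), the script below contrasts a host-only comparison with an origin comparison and a service worker scope match for the ports named in the report. The URLs are constructed, the function names are hypothetical, and the host-only matcher is there for contrast only, not as a description of the code the commit replaced.

```javascript
// Added example. URLs are constructed from the ports named in the report.
const WORKER = { scope: 'http://localhost:8888/' };
const PAGES = [
  'http://localhost:8888/index.html',
  'http://localhost:3000/',
  'http://localhost:19001/',
];

// Host-only comparison: ignores scheme and port (shown for contrast only).
function sameHost(a, b) {
  return new URL(a).hostname === new URL(b).hostname;
}

// Origin comparison: scheme + host + port. Opaque origins ("null") never match.
function sameOrigin(a, b) {
  const oa = new URL(a).origin;
  return oa !== 'null' && oa === new URL(b).origin;
}

// Scope match as service workers define it: same origin, and the scope URL
// is a string prefix of the page URL with its fragment removed.
function inScope(pageURL, scopeURL) {
  const page = new URL(pageURL);
  page.hash = '';
  return sameOrigin(pageURL, scopeURL) &&
    page.href.startsWith(new URL(scopeURL).href);
}

// Hypothetical helper: pages a tool would list this worker's logs under.
function pagesFor(worker, pages, matches) {
  return pages.filter((p) => matches(p, worker.scope));
}

console.log('host only:', pagesFor(WORKER, PAGES, sameHost));
console.log('origin   :', pagesFor(WORKER, PAGES, sameOrigin));
console.log('in scope :', pagesFor(WORKER, PAGES, inScope));
```

With a host-only match all three localhost tabs are paired with the worker; with an origin or scope match only the page on port 8888 is.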
,
May 21 2018
Thanks for the report, bharat.sinha.2307@ - I'm afraid the VRP panel decided that this was indeed not a security problem, so it won't be receiving a reward.
Comment 1 by elawrence@chromium.org, Apr 20 2018