New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 845270 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 823194
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug-Security



Sign in to add a comment

Security: Mac-only - Long extension name allows spoofing of Debugging InfoBar (repro 823194)

Reported by chromium...@gmail.com, May 21 2018

Issue description


VERSION
Chrome Version: Version 68.0.3436.0 (Official Build) canary (64-bit)
Operating System: MacOS Sierra 10.12.6

- (repro 823194) 

REPRODUCTION CASE
1. Install the extension.
2. Observe the infobar message is without "<extension name> is debugging this browser"
 
Actual_Result.png
151 KB View Download
Expected_Result.png
98.4 KB View Download
test case.zip
3.2 KB Download
Please see  issue 823194 .

Comment 2 by mmoroz@chromium.org, May 22 2018

Cc: rdevlin....@chromium.org
Components: Platform>Extensions
Labels: Security_Severity-Low Security_Impact-Head OS-Mac
Owner: dgozman@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 3 by mmoroz@chromium.org, May 22 2018

Labels: M-68
Project Member

Comment 4 by sheriffbot@chromium.org, May 22 2018

Labels: Pri-2
Mergedinto: 823194
Status: Duplicate (was: Assigned)
We specifically decided to not update mac behavior. See  issue 823194  (and CL discussion) for details.
Project Member

Comment 6 by sheriffbot@chromium.org, Aug 29

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment