
Issue metadata

Status: Fixed
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Chrome, Mac, Fuchsia
Pri: 2
Type: Bug-Security

Blocking:
issue 848123



Issue 848531: Security: Simulated Alt + Click event can download a cross origin file

Reported by mea...@chromium.org, Jun 1 2018 Project Member

Issue description

Split from bug 848123. The POC is simulate.html in that bug.

This seems to defeat the protections added in bug 608669.

jochen: Can you PTAL?
 

Comment 1 by sheriffbot@chromium.org, Jun 1 2018

Project Member
Labels: Pri-2

Comment 2 by bugdroid1@chromium.org, Jun 4 2018

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4379a7fcff8190aa7ba72307b398161c32102c52

commit 4379a7fcff8190aa7ba72307b398161c32102c52
Author: Jochen Eisinger <jochen@chromium.org>
Date: Mon Jun 04 10:51:32 2018

Only allow downloading in response to real keyboard modifiers

BUG= 848531 

Change-Id: I97554c8d312243b55647f1376945aee32dbd95bf
Reviewed-on: https://chromium-review.googlesource.com/1082216
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#564051}
[add] https://crrev.com/4379a7fcff8190aa7ba72307b398161c32102c52/third_party/WebKit/LayoutTests/fast/events/download-on-alt-click-expected.txt
[add] https://crrev.com/4379a7fcff8190aa7ba72307b398161c32102c52/third_party/WebKit/LayoutTests/fast/events/download-on-alt-click.html
[add] https://crrev.com/4379a7fcff8190aa7ba72307b398161c32102c52/third_party/WebKit/LayoutTests/fast/events/download-on-synthesized-alt-click-expected.txt
[add] https://crrev.com/4379a7fcff8190aa7ba72307b398161c32102c52/third_party/WebKit/LayoutTests/fast/events/download-on-synthesized-alt-click.html
[add] https://crrev.com/4379a7fcff8190aa7ba72307b398161c32102c52/third_party/WebKit/LayoutTests/fast/events/resources/notify-done.html
[modify] https://crrev.com/4379a7fcff8190aa7ba72307b398161c32102c52/third_party/blink/renderer/core/loader/frame_loader.cc
[modify] https://crrev.com/4379a7fcff8190aa7ba72307b398161c32102c52/third_party/blink/renderer/core/page/create_window.cc

Comment 3 by jochen@chromium.org, Jun 4 2018

Status: Fixed (was: Assigned)

Comment 4 by sheriffbot@chromium.org, Jun 4 2018

Project Member
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 5 by awhalley@chromium.org, Jul 30 2018

Cc: luan.her...@hotmail.com

Comment 6 by awhalley@chromium.org, Sep 5

Labels: CVE-2018-16088 CVE_description-missing

Comment 7 by sheriffbot@chromium.org, Sep 10

Project Member
Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 8 by awhalley@chromium.org, Jan 4

Labels: -CVE_description-missing CVE_description-submitted
