
Issue 862163


Issue metadata

Status: Fixed
Owner:
Closed: Jul 16
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Mac
Pri: 2
Type: Bug-Security




OpenOffice extensions need to be flagged as potentially dangerous

Project Member Reported by infe...@chromium.org, Jul 10

Issue description

OpenOffice extensions are not flagged by Chrome as potentially dangerous.
(.oxt file (OpenOffice extension))
 
Labels: Security_Severity-Low Security_Impact-Stable M-69 OS-Linux OS-Mac OS-Windows
Taking a guess at severity. nparker, you can bump it up if you think it warrants it.
Cc: fr...@google.com
Project Member

Comment 3 by sheriffbot@chromium.org, Jul 11

Labels: -Pri-1 Pri-2
Per the explanation in the "mandatory training -- post mortem" doc, I agree .oxt files should be marked as ALLOW_ON_USER_GESTURE so it will warn on download from a new site.
Project Member

Comment 5 by bugdroid1@chromium.org, Jul 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f1f500e6a3f2b3e74a7ffeea4d5c7a315b3dfe8c

commit f1f500e6a3f2b3e74a7ffeea4d5c7a315b3dfe8c
Author: Nathan Parker <nparker@chromium.org>
Date: Mon Jul 16 19:52:04 2018

Send download ping for OXT files

Bug: 862163
Cq-Include-Trybots: luci.chromium.try:closure_compilation
Change-Id: Ied380807f9f57998d04e2ffddd004048568f0f9f
Reviewed-on: https://chromium-review.googlesource.com/1136724
Reviewed-by: Jialiu Lin <jialiul@chromium.org>
Commit-Queue: Nathan Parker <nparker@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575390}
[modify] https://crrev.com/f1f500e6a3f2b3e74a7ffeea4d5c7a315b3dfe8c/chrome/browser/resources/safe_browsing/download_file_types.asciipb
[modify] https://crrev.com/f1f500e6a3f2b3e74a7ffeea4d5c7a315b3dfe8c/components/download/internal/common/download_stats.cc
[modify] https://crrev.com/f1f500e6a3f2b3e74a7ffeea4d5c7a315b3dfe8c/tools/metrics/histograms/enums.xml

Status: Fixed (was: Assigned)
Project Member

Comment 7 by sheriffbot@chromium.org, Jul 17

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: Release-0-M69
Project Member

Comment 9 by sheriffbot@chromium.org, Oct 23

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
