Adding Restrict-View-SecurityTeam in case there's a vulnerability being discussed here.

I believe that the images that are being shown in the omnibox suggestions are being safely decoded, *not* in the browser process.

The images in question include both the existing weather images shown with Answers in Suggest and the new entity suggestion images. Both are handled by the following service:

chrome/browser/bitmap_fetcher/bitmap_fetcher_service.h

BitmapFetcherService used ImageDecoder (chrome/browser/image_decoder.h), whose header states, "This is a helper class for decoding images safely in a sandboxed service."

If anyone has additional questions, feel free to reopen this issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot