New issue
Advanced search Search tips

Issue 884542 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Sep 20
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Disable anti-tracking Secret Window with inherited HSTS

Reported by gnh1...@gmail.com, Sep 16 
[Bug] Disable anti-tracking in secret window with inherited HSTS
​
Chrome version: 69.0.3497.92 (64bit)
OS: Windows 7
​
Description:
​
I have identified problems between secret window and HSTS (HTTP Strict Transport Security) functionality.
​
secret window provides tracking protection.​
​However, it is used as a tool to disable the tracking prevention function in use with HSTS.
​
When I create a new secret window, HSTS should not be inherited. but, subsequent secret window allowed inheritance of HSTS.
​
This problem continued even after the window was closed.
​
I was able to use this to create a new user tracking method using Iframe and ajax.
​
Is it bug? I am waiting for a reply.

Comment 1 by rsesek@chromium.org, Sep 16 

By "Secret Window" do you mean incognito? If so, please read our FAQ about Incognito's security guarantees: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#what-are-the-security-and-privacy-guarantees-of-incognito-mode

Comment 2 by mbarbe...@chromium.org, Sep 20

Status: WontFix (was: Unconfirmed)
Marking as WontFix for the reasons outlined in the document referenced in c#1.
Project Member

Comment 3 by sheriffbot@chromium.org, Dec 28

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment