New issue
Advanced search Search tips

Issue 889084 link

Starred by 9 users
Status: Fixed
Owner: ----
Closed: Oct 12
Cc:
droger@chromium.org
ew...@chromium.org
bsazonov@chromium.org
sabineb@chromium.org
viswa.karala@chromium.org
msarda@chromium.org
tangltom@chromium.org
jlebel@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

Chrome sends the NID tracking Google cookie in third-party contexts after clearning all cookies when having signed in to a Google account

Reported by ehsan.ak...@gmail.com, Sep 25 
Chrome Version       : 69.0.3497.92 (Official Build) (64-bit)
OS Version: Ubuntu 18.04.1 LTS
URLs (if applicable) : https://senglehardt.com/test/identity_providers/google.html
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue: no other browser does this!
     Safari: OK
    Firefox: OK
    IE/Edge: OK

What steps will reproduce the problem?
1. Sign into your Google account, e.g. on Gmail.
2. Clear all cookies, like in the screenshot.
3. Open devtools and go to https://senglehardt.com/test/identity_providers/google.html.
4. Click on "iframe" in the network tab and look at the cookies sent (see screenshot)

What is the expected result?
No cookies should be sent to accounts.google.com.

What happens instead of that?
Cookies are sent to accounts.google.com.

Please provide any additional information below. Attach a screenshot if
possible.
Screenshot from 2018-09-25 13-06-29.png
241 KB View Download
Screenshot from 2018-09-25 12-17-15.png
517 KB View Download

Comment 1 by viswa.karala@chromium.org, Sep 26

Labels: Needs-Triage-M69

Comment 2 by viswa.karala@chromium.org, Sep 28

Cc: viswa.karala@chromium.org
Components: Internals>Network>Cookies
Labels: Needs-Feedback Triaged-ET
Tried testing the issue on chrome reported version# 69.0.3497.92 using Ubuntu 17.10 with steps mentioned below:
1) Launched chrome reported version and signed in into gmail
2) Navigated to Chrome://settings and cleared all the cookies
3) Opned New Tab Page > Opened Devtools and loaded the URL(URL: https://senglehardt.com/test/identity_providers/google.html)
4) Navigated to Devtools > Network tab and clicked on "iframe", Under the Request Headers seen ":authority: accounts,google.com" and "cookie: value"

@Reporter: Please find the above information and attached screenshot for your reference and provide your feedback on it which help in further triaging it in better way.
Note: Tentatively adding Internals>Network>Cookies component to it.

Thanks!
889084.jpg
620 KB View Download

Comment 3 by mmenke@chromium.org, Sep 28

Components: -Internals>Network>Cookies Services>SignIn
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 12

Cc: droger@chromium.org bsazonov@chromium.org ew...@chromium.org jlebel@chromium.org tangltom@chromium.org sabineb@chromium.org msarda@chromium.org
Status: WontFix (was: Unconfirmed)
--Chrome Identity automated triaging--

This bug is Unconfirmed and has gone two weeks without any activity, so it is being closed as WontFix. Please re-open if this is still a valid and reproducible bug or feature request and mark it as Available. Please see https://goo.gl/78kbny for more details. Please remove the Services>SignIn or UI>Browser>Profiles components if this bug isn't related to Chrome Identity.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by wanderview@chromium.org, Oct 12

Status: Untriaged (was: WontFix)
AFAICT the screenshot in #c2 does show the NID cookie and seems to confirm the original report.  Moving this back to untriaged.

Comment 6 by dullweber@chromium.org, Oct 12

Status: Fixed (was: Untriaged)
This has been fixed in Chrome 70

Sign in to add a comment