New issue
Advanced search Search tips

Issue 889084 link

Starred by 9 users

Issue metadata

Status: Fixed
Owner: ----
Closed: Oct 12
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

Chrome sends the NID tracking Google cookie in third-party contexts after clearning all cookies when having signed in to a Google account

Reported by ehsan.ak...@gmail.com, Sep 25

Issue description

Chrome Version       : 69.0.3497.92 (Official Build) (64-bit)
OS Version: Ubuntu 18.04.1 LTS
URLs (if applicable) : https://senglehardt.com/test/identity_providers/google.html
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue: no other browser does this!
     Safari: OK
    Firefox: OK
    IE/Edge: OK

What steps will reproduce the problem?
1. Sign into your Google account, e.g. on Gmail.
2. Clear all cookies, like in the screenshot.
3. Open devtools and go to https://senglehardt.com/test/identity_providers/google.html.
4. Click on "iframe" in the network tab and look at the cookies sent (see screenshot)

What is the expected result?
No cookies should be sent to accounts.google.com.

What happens instead of that?
Cookies are sent to accounts.google.com.

Please provide any additional information below. Attach a screenshot if
possible.



 
Screenshot from 2018-09-25 13-06-29.png
241 KB View Download
Screenshot from 2018-09-25 12-17-15.png
517 KB View Download
Labels: Needs-Triage-M69
Cc: viswa.karala@chromium.org
Components: Internals>Network>Cookies
Labels: Needs-Feedback Triaged-ET
Tried testing the issue on chrome reported version# 69.0.3497.92 using Ubuntu 17.10 with steps mentioned below:
1) Launched chrome reported version and signed in into gmail
2) Navigated to Chrome://settings and cleared all the cookies
3) Opned New Tab Page > Opened Devtools and loaded the URL(URL: https://senglehardt.com/test/identity_providers/google.html)
4) Navigated to Devtools > Network tab and clicked on "iframe", Under the Request Headers seen ":authority: accounts,google.com" and "cookie: value"

@Reporter: Please find the above information and attached screenshot for your reference and provide your feedback on it which help in further triaging it in better way.
Note: Tentatively adding Internals>Network>Cookies component to it.

Thanks!

889084.jpg
620 KB View Download
Components: -Internals>Network>Cookies Services>SignIn
Project Member

Comment 4 by sheriffbot@chromium.org, Oct 12

Cc: droger@chromium.org bsazonov@chromium.org ew...@chromium.org jlebel@chromium.org tangltom@chromium.org sabineb@chromium.org msarda@chromium.org
Status: WontFix (was: Unconfirmed)
--Chrome Identity automated triaging--

This bug is Unconfirmed and has gone two weeks without any activity, so it is being closed as WontFix. Please re-open if this is still a valid and reproducible bug or feature request and mark it as Available. Please see https://goo.gl/78kbny for more details. Please remove the Services>SignIn or UI>Browser>Profiles components if this bug isn't related to Chrome Identity.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: Untriaged (was: WontFix)
AFAICT the screenshot in #c2 does show the NID cookie and seems to confirm the original report.  Moving this back to untriaged.
Status: Fixed (was: Untriaged)
This has been fixed in Chrome 70

Sign in to add a comment