New issue
Advanced search Search tips

Issue 891487 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Dec 3
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

Handoff should be disabled when browsing incognito

Reported by bowersb...@gmail.com, Oct 2

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
1. On 2 macs, log into Chrome with a user account
2. On 1 of the macs, open an incognito window and go to any page (eg. nytimes.com)
3. On the other mac, Cmd + Tab with Chrome open, and you'll see a "From Mac" option that offers to bring the page from the other mac to your current mac.
4. Click that.

It will open the incognito window in the other mac.

What is the expected behavior?
It should not offer to open any incognito windows.

What went wrong?
I was able to see what is visible on a different computer's incognito session.

This shouldnt be possible.

Did this work before? N/A 

Chrome version: 69.0.3497.100  Channel: stable
OS Version: OS X 10.14.0
Flash Version:
 
Labels: Needs-Triage-M69
Components: Privacy
Status: Available (was: Unconfirmed)
Summary: Handoff should be disabled when browsing incognito (was: Open "From Mac" offers incognito windows on other machines)
We should probably do an incognito check here if we can access it https://cs.chromium.org/chromium/src/components/handoff/handoff_manager.mm?type=cs&q=shouldUseActiveURL&sq=package:chromium&g=0&l=87

or have a way to invalidate the active user activity from somewhere where we *do* know about the incognito session.
Cc: msramek@chromium.org rhalavati@chromium.org huanzhong@google.com
Components: -Privacy Privacy>Incognito
+msramek, +huanzhong,

I think this is a high priority issue. Martin, what do you think?
Labels: -Pri-2 Pri-1
Martin, Huanzhong,

Gentle reminder. +Increasing priority.
Hi rhalavati, 

Thanks for increasing the priority.

Quick question, does this fall under the remit of "Information Leak" on the Bug Bounty for Chrome?
Owner: erikc...@chromium.org
Status: Assigned (was: Available)
Passing to +erikchen@ from handoff/ OWNERS.

If I understand correctly, this is basically like Chrome's Tab Sync, just done by the OS, and through the iCloud account.

Similarly as we don't sync Incognito history and tabs, we shouldn't make them available for Handoff. If I understand comment #2 correctly, if we can avoid exposing those tabs to Handoff, we should certainly do that.
Re #5: Unfortunately, privacy bugs are currently not covered under the bug bounty program, only security vulnerabilities are.
Re #7 yeah figured, worth asking anyway :D
Owner: ellyjo...@chromium.org
We probably want to add some simple logic to the code in app_controller_mac or handoff_active_url_observer:

https://cs.chromium.org/chromium/src/chrome/browser/ui/cocoa/handoff_active_url_observer.cc?type=cs&q=handoffActiveURLChanged&sq=package:chromium&g=0&l=32

https://cs.chromium.org/chromium/src/chrome/browser/app_controller_mac.mm?type=cs&q=updateActiveURL&sq=package:chromium&g=0&l=1689

e.g. if we can determine if a  WebContents* is from an incognito window, then I think a single check in updateHandoffManager: may suffice.

Over to elly to find an owner on the macOS team.
Cc: ellyjo...@chromium.org
Labels: -Pri-1 -Needs-Triage-M69 Target-72 M-72 Pri-2
Owner: a...@chromium.org
avi@, over to you for M72 :)
Errrr.... we already do this.

AppController's -handoffURLFromWebContents: already checks for incognito and guest mode. Investigating.
I have no idea what's going on here.

AppController's -handoffURLFromWebContents: is correctly returning GURL() for incognito and guest browser windows. That null URL is being passed to the handoff manager's -shouldUseActiveURL method. I've verified both.

I cannot reproduce this at all.
Labels: Needs-Feedback
OP, can you provide more details? Perhaps a screen recording?
Hmm, is it possible that this was fixed somewhat recently?

I can't reproduce it myself either anymore (Chrome 70 on both Mac devices).

Any changes to how this works in 68-70? 
Ah, I think I know what the issue is.

It isn't incognito users, it is a different Chrome profile that it happens on.

For example, I have 3 profiles on my iMac.

"Profile 1", "Profile 2", and "Profile 3".

Profile 1 is my usual profile, Profile 2 looks like Incognito (Dark chrome - hence my confusion), Profile 3 is light like the standard chrome one.

I can handoff to my device from a different Chrome profile (one that doesn't exist on my laptop).


Status: WontFix (was: Assigned)
This works as intended, then.

Handoff is "send the URL I'm using on this other Mac", and we don't distinguish between profiles in that regard. I'm not quite sure how to consider equality of profiles on different Macs.

Sign in to add a comment