New issue
Advanced search Search tips

Issue 892208 link

Starred by 2 users

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug



Sign in to add a comment

bookmarkManagerPrivate doesn't properly validate data passed to cut()

Reported by derce...@gmail.com, Oct 4

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce the problem:
1. Navigate to chrome://bookmarks/
2. Open the developer tools.
3. Switch to the console tab and run one of the following commands:

chrome.bookmarkManagerPrivate.cut(["0"]);
chrome.bookmarkManagerPrivate.cut(["1", "2"]);

What is the expected behavior?
In both cases, an error should be returned and printed to the console.

What went wrong?
When running the first cut() command, the browser crashes.
When running the second, both the "Bookmarks bar" and "Other bookmarks" folders disappear. Trying to perform standard bookmark operations then crashes the browser.

Did this work before? N/A 

Does this work in other browsers? Yes

Chrome version: 69.0.3497.100  Channel: stable
OS Version: 10.0
Flash Version:
 
Components: UI>Browser>Bookmarks
Labels: -Hotlist-Interop
This API is not meant to be consumed by users or developers, it is a private, internal API that as a result of some implementation detail, can be played around with the console.
I believe that the bookmarks manager is automatically updated when something changes in the bookmarks tree (say, playing with the bookmarks bar while the manager is open), so calling methods with invalid values will simply not happen (barring bugs, obviously).
I am sure the API would have validated more if it were officially accessible by any user, but it is private at the moment (and probably forever), so it is not a practical concern, in my opinion.
Labels: Needs-Triage-M69
Cc: vamshi.kommuri@chromium.org
Labels: Triaged-ET Target-71 M-71 FoundIn-71 FoundIn-70 FoundIn-69 OS-Linux OS-Mac
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on reported chrome version 69.0.3497.100 and on the latest canary 71.0.3575.0 using Mac 10.13.1, Windows 10 and Ubuntu 14.04

As similar issue is seen from M60(60.0.3112.0) considering it as Non-Regression and marking it as Untriaged.

Thanks!
Labels: Hotlist-DesktopUIChecked Hotlist-DesktopUIValid
**UI mass Triage**
Still able to reproduce the issue on reported chrome version 69.0.3497.100 and on the latest canary-72.0.3611.0 as per C#0.
Adding appropriate labels.

Sign in to add a comment