New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 892427 link

Starred by 2 users
Status: Assigned
Owner:
ihf@chromium.org
Cc:
tommycli@chromium.org
ericde@chromium.org
lafo...@chromium.org
msramek@chromium.org
mu...@chromium.org
rohi...@chromium.org
ihf@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug
Team-Security-UX



Sign in to add a comment

navigations to https://get.adobe.com/flashplayer/about/ fail

Project Member Reported by wfh@chromium.org, Oct 4 
Chrome Version: 71.0.3566.0 (Official Build) canary (64-bit) (cohort: Clang-64)
OS: Windows 10 Version 1803 (OS Build 17134.285)

What steps will reproduce the problem?
(1) Open google
(2) Search for "flash test page"
(3) Click on the top link (which should be "Adobe - Flash Player" and link https://get.adobe.com/flashplayer/about/"

What is the expected result?

Navigates to the page

What happens instead?

A popup appears saying "www.google.com wants to Run Flash" and clicking "Allow" does nothing. Also, it's not Google.com requesting permission. This seems like a very odd dialog.


Please use labels and text to provide additional information.

If this is a regression (i.e., worked before), please consider using the
bisect tool (https://www.chromium.org/developers/bisect-builds-py) to help
us identify the root cause and more rapidly triage the issue.

For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.

Comment 1 by wfh@chromium.org, Oct 4 

I think corp policy is changing this behavior. On a clean machine no policy, fresh install, I can't even navigate to the link, and nothing appears... just nothing happens at all.

To repro, make sure you click the link indicated in screenshot here (it might not be the first one).
flash_link.png
9.5 KB View Download

Comment 2 by laforge@google.com, Oct 4

Cc: tommycli@chromium.org ericde@chromium.org
Labels: OS-Chrome OS-Linux OS-Mac
Not sure if the current logic accounts for excluding the DSE.  Tommy do you know?

Comment 3 by tommycli@chromium.org, Oct 4 

We don't exclude the default search engine.

I can see the value of excluding all the default set of 5 search engines though.

Comment 4 by carlosil@chromium.org, Nov 12

Cc: msramek@chromium.org
Components: -Internals>Permissions Internals>Permissions>Model
Owner: ihf@chromium.org
Status: Assigned (was: Untriaged)
Explicitely assigning to ihf@ for further triage and adding msramek since this might be a permissions issue.

Also, I was able to reproduce in a machine with no corp policy. The first attempt shows the dialog, clicking allow stays in the Google results page, then trying the link again works.

Comment 5 by laforge@google.com, Nov 12 

Hey Tommy,

You probably know the activation logic the best, would you have any cycles to exclude the interception/ activation prompt on a DSEs?

Comment 6 by tommycli@google.com, Nov 12 

I don't think it's a permissions issue.

The fix is to update the file here [1] to early exit for results on a search engine results page. Probably just the default search engine would be sufficient.

P2 seems appropriate to me.

[1] https://cs.chromium.org/chromium/src/chrome/browser/plugins/flash_download_interception.cc?q=flash_download_inter&sq=package:chromium&g=0&l=1

Sign in to add a comment