GCPW allows multiple instances of chrome to spawn leading to possible breakout of sandbox |
|||
Issue descriptionWhen using GCPW, if the Chrome UI does not come up after clicking on the login with GCPW button (the arrow button to start the log in process). It is possible to click again on the arrow button and cause a second process of Chrome to start. Now when GCPW is deselected the first chrome process is killed but the second process is still alive and appears to crash and restart itself automatically. This can lead to a chrome that can break of the login sandbox which we do not want.
,
Nov 13
,
Nov 16
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b9baaacd65499abb79a100e7dbe0c333cc8ac5b6 commit b9baaacd65499abb79a100e7dbe0c333cc8ac5b6 Author: Tien Mai <tienmai@chromium.org> Date: Fri Nov 16 16:38:44 2018 Fix multiple instances of Chrome started through GCPW - Prevent Google Credential Provider for Windows from starting another instances of Chrome on winlogon screen if one is already running - Fix DCHECK failure that would crash the GCPW if the user cancels out of the sign in or selects a different credential to sign into. Bug: 900966 Change-Id: Ib30b4eff282cb55fa3fe6777dca56ff2051e275c Reviewed-on: https://chromium-review.googlesource.com/c/1334293 Commit-Queue: Tien Mai <tienmai@chromium.org> Reviewed-by: Greg Thompson <grt@chromium.org> Reviewed-by: Roger Tawa <rogerta@chromium.org> Cr-Commit-Position: refs/heads/master@{#608804} [modify] https://crrev.com/b9baaacd65499abb79a100e7dbe0c333cc8ac5b6/chrome/credential_provider/gaiacp/gaia_credential_base.cc [modify] https://crrev.com/b9baaacd65499abb79a100e7dbe0c333cc8ac5b6/chrome/credential_provider/gaiacp/gaia_credential_base_unittests.cc
,
Nov 16
|
|||
►
Sign in to add a comment |
|||
Comment 1 by pmarko@chromium.org
, Nov 5