| author | Hao Liu <haoliuk@chromium.org> | 2023-01-03 16:28:33 +0000 |
|---|---|---|
| committer | Michael Brüning <michael.bruning@qt.io> | 2023-03-24 10:09:58 +0000 |
| commit | 8f2b19e50ea4e6c608e7644022db1ff4be4fcbc0 | |
| tree | b61602d09a9bf1401af470f857853c6fc2d432e6 | |
| parent | 4e2a01d1dc431582fa580aa44f796d4a262b5549 | |
| download | qtwebengine-chromium-8f2b19e50ea4e6c608e7644022db1ff4be4fcbc0.tar.gz | |
[Backport] CVE-2023-1233: Insufficient policy enforcement in Resource Timing
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4116604:
Fix extension fingerprinting via resource timing entry
This CL prevents resource timing entries from being emitted for resources
that are initiated in the non-main world.
Test cases are added for resources initiated from both the main world
and the non-main world.
Bug: 1045681
Change-Id: I309b54dae63f56e8d1d71e5c33507623b0c80389
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4116604
Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Hao Liu <haoliuk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1088254}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468622
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc index 189b223c46e..f7d872f9c5b 100644 --- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc +++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc @@ -2298,6 +2298,14 @@ void ResourceFetcher::PopulateAndAddResourceTimingInfo( Resource* resource, scoped_refptr<ResourceTimingInfo> info, base::TimeTicks response_end) { + + // Resource timing entries that correspond to resources fetched by extensions + // are precluded. + if (resource->Options().world_for_csp.get() && + resource->Options().world_for_csp->IsIsolatedWorld()) { + return; + } + const KURL& initial_url = resource->GetResourceRequest().GetRedirectInfo().has_value() ? resource->GetResourceRequest().GetRedirectInfo()->original_url |
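Review bot: the comment on the new early return in PopulateAndAddResourceTimingInfo says entries for resources "fetched by extensions" are precluded, but the condition only tests `resource->Options().world_for_csp->IsIsolatedWorld()`, which holds for any isolated world, not just extension content scripts; reword the comment to match the check (e.g. "fetched from an isolated world, such as an extension content script") so a later reader does not assume extension-specific logic, and consider a one-line note on why a field named `world_for_csp` is the right signal for suppressing timing entries. The commit message also says test cases were added for the main and non-main world, yet the stat shows only resource_fetcher.cc changed (1 file, 8 insertions); if the tests were not carried into this backport, say so in the message. Minor: `world_for_csp.get() &&` can be written as the plain null check `world_for_csp &&`.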