authorJack Hsieh <chengweih@chromium.org>2023-03-13 21:19:03 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2023-05-15 11:36:30 +0000
commit799b46219664a8b3f005cadeb02076590f6dbcc2 (patch)
treeb221cbb9b05f6d8c7d026682180982ccd5d3a349
parentb7e9102b863216fddc5564594a30325829a26a05 (diff)
downloadqtwebengine-chromium-799b46219664a8b3f005cadeb02076590f6dbcc2.tar.gz
[Backport] CVE-2023-2462: Inappropriate implementation in Prompts (8/10)
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4237626: usb: Reject using WebUSB API in an opaque origin Rejects a renderer's request to use the WebUSB API when the top-level document has an opaque origin. Bug: 1375133 Change-Id: I1b449389e55ea8ead412ea9e87fc99971997b491 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4237626 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Commit-Queue: Jack Hsieh <chengweih@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Cr-Commit-Position: refs/heads/main@{#1116595} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/476782 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/content/browser/renderer_host/render_frame_host_impl.cc6
-rw-r--r--chromium/content/browser/service_worker/service_worker_host.cc15
2 files changed, 19 insertions, 2 deletions
diff --git a/chromium/content/browser/renderer_host/render_frame_host_impl.cc b/chromium/content/browser/renderer_host/render_frame_host_impl.cc
index d5745cea447..83789e10899 100644
--- a/chromium/content/browser/renderer_host/render_frame_host_impl.cc
+++ b/chromium/content/browser/renderer_host/render_frame_host_impl.cc
@@ -10521,6 +10521,12 @@ void RenderFrameHostImpl::CreateWebUsbService(
mojo::ReportBadMessage("Permissions policy blocks access to USB.");
return;
}
+ if (GetOutermostMainFrame()->GetLastCommittedOrigin().opaque()) {
+ mojo::ReportBadMessage(
+ "WebUSB is not allowed when the top-level document has an opaque "
+ "origin.");
+ return;
+ }
BackForwardCache::DisableForRenderFrameHost(
this, BackForwardCacheDisable::DisabledReason(
BackForwardCacheDisable::DisabledReasonId::kWebUSB));
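Review bot: The new opaque-origin rejection at the top of this hunk carries no comment, while the sibling check this commit adds to ServiceWorkerHost::BindUsbService explains why the request is refused and reported as a bad message; the same rationale applies here and should be stated so a reader does not mistake this for an ordinary user-facing permission denial. Suggested comment above the new `if`: `// A well-behaved renderer never requests WebUSB from a page whose top-level document has an opaque origin, so treat such a request as a bad message from a compromised renderer.` CreateWebUsbService begins and ends outside the hunk, so whether GetOutermostMainFrame() can return null at this point cannot be confirmed from here; if it can, the call needs a guard before `->GetLastCommittedOrigin().opaque()`.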
diff --git a/chromium/content/browser/service_worker/service_worker_host.cc b/chromium/content/browser/service_worker/service_worker_host.cc
index 180d775cd6a..95005b5bfca 100644
--- a/chromium/content/browser/service_worker/service_worker_host.cc
+++ b/chromium/content/browser/service_worker/service_worker_host.cc
@@ -109,8 +109,19 @@ void ServiceWorkerHost::BindHidService(
void ServiceWorkerHost::BindUsbService(
mojo::PendingReceiver<blink::mojom::WebUsbService> receiver) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
- version_->embedded_worker()->BindUsbService(version_->key().origin(),
- std::move(receiver));
+ DCHECK(container_host_->top_frame_origin());
+ if (container_host_->top_frame_origin()->opaque()) {
+ // Service worker should not be available to a window/worker client whose
+ // origin is opaque according to Service Worker specification. However, this
+ // can possibly be triggered by a compromised renderer, so reject it and
+ // report a bad mojo message.
+ mojo::ReportBadMessage(
+ "WebUSB is not allowed for the service worker scope when the top-level "
+ "frame has an opaque origin.");
+ return;
+ }
+ version_->embedded_worker()->BindUsbService(
+ *container_host_->top_frame_origin(), std::move(receiver));
}
net::NetworkIsolationKey ServiceWorkerHost::GetNetworkIsolationKey() const {
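Review bot: `DCHECK(container_host_->top_frame_origin())` on the first added line only fires in debug builds, so in a release build an unset top_frame_origin would be dereferenced by `->opaque()` on the next line and again by `*container_host_->top_frame_origin()` in the bind call (these read as optional-style dereferences; the exact type is not visible in the hunk). Since the purpose of the hunk is to reject requests a compromised renderer could send, the unset case deserves the same treatment rather than undefined behaviour: `if (!container_host_->top_frame_origin() || container_host_->top_frame_origin()->opaque()) {`, with the DCHECK kept or dropped as the team prefers. Binding the value once, `const auto& top_frame_origin = container_host_->top_frame_origin();`, would also remove the three repeated calls in this function. The final context line belongs to GetNetworkIsolationKey, which continues outside the hunk.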