authorgsinafirooz <sinafirooz@google.com>2023-01-05 00:39:26 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2023-05-15 11:16:52 +0000
commit8c3bbeb42f76c6227e04ae662f3d3edf971b3e90 (patch)
tree2914d2fbeceef49d966ce6b41a488baf988135b9
parent84d4cae4c55f2a0a011160acaded3f57ce4bca57 (diff)
downloadqtwebengine-chromium-8c3bbeb42f76c6227e04ae662f3d3edf971b3e90.tar.gz
[Backport] CVE-2023-2462: Inappropriate implementation in Prompts (1/10)
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4113162: Reject Web Bluetooth requests with an opaque origin The Web Bluetooth API tracks permissions using the origin of the top-level document in the frame tree. If this document has an opaque origin then there is no way to format the origin for display to the user in permission prompts or to write their decision in the preferences file. Access to the Web Bluetooth API from such contexts should therefore be blocked. Bug: 1375133 Change-Id: Idf737c1806eac4342e0fe716e2561e51aa127f53 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4113162 Reviewed-by: Reilly Grant <reillyg@chromium.org> Commit-Queue: Sina Firoozabadi <sinafirooz@chromium.org> Cr-Commit-Position: refs/heads/main@{#1089042} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/476754 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/third_party/blink/renderer/modules/bluetooth/bluetooth.cc12
1 files changed, 12 insertions, 0 deletions
diff --git a/chromium/third_party/blink/renderer/modules/bluetooth/bluetooth.cc b/chromium/third_party/blink/renderer/modules/bluetooth/bluetooth.cc
index d7f31c5783b..88f6f425789 100644
--- a/chromium/third_party/blink/renderer/modules/bluetooth/bluetooth.cc
+++ b/chromium/third_party/blink/renderer/modules/bluetooth/bluetooth.cc
@@ -75,6 +75,14 @@ bool IsRequestDenied(LocalDOMWindow* window, ExceptionState& exception_state) {
} else if (window->GetFrame()->IsInFencedFrameTree()) {
exception_state.ThrowDOMException(DOMExceptionCode::kNotAllowedError,
kFencedFrameError);
+ } else if (window->GetFrame()
+ ->Top()
+ ->GetSecurityContext()
+ ->GetSecurityOrigin()
+ ->IsOpaque()) {
+ exception_state.ThrowSecurityError(
+ "Access to the Web Bluetooth API is denied from contexts where the "
+ "top-level document has an opaque origin.");
}
return exception_state.HadException();
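Review bot: The new `IsOpaque()` branch in IsRequestDenied carries no comment saying why an opaque top-level origin is refused; the reason lives only in the commit message. Inside the branch I would add `// Permissions are keyed on the top-level origin; an opaque origin cannot be shown in a prompt or written to preferences, so deny.` Because this check runs in the renderer, it is best read as an early rejection rather than the enforcement point: the browser-side Web Bluetooth service should refuse opaque top-level origins as well, which is not visible in this patch and may be handled by other parts of this 10-part series. The diffstat touches only bluetooth.cc, so nothing here pins the SecurityError with a test. IsRequestDenied begins above the hunk, so the earlier branches that presumably guard `window` and `GetFrame()` are not shown.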
@@ -291,6 +299,7 @@ void ConvertRequestDeviceOptions(
ScriptPromise Bluetooth::getAvailability(ScriptState* script_state,
ExceptionState& exception_state) {
LocalDOMWindow* window = GetSupplementable()->DomWindow();
+
if (IsRequestDenied(window, exception_state)) {
return ScriptPromise();
}
@@ -353,6 +362,7 @@ void Bluetooth::RequestDeviceCallback(
ScriptPromise Bluetooth::getDevices(ScriptState* script_state,
ExceptionState& exception_state) {
LocalDOMWindow* window = GetSupplementable()->DomWindow();
+
if (IsRequestDenied(window, exception_state)) {
return ScriptPromise();
}
@@ -380,6 +390,7 @@ ScriptPromise Bluetooth::requestDevice(ScriptState* script_state,
const RequestDeviceOptions* options,
ExceptionState& exception_state) {
LocalDOMWindow* window = GetSupplementable()->DomWindow();
+
if (IsRequestDenied(window, exception_state)) {
return ScriptPromise();
}
@@ -484,6 +495,7 @@ ScriptPromise Bluetooth::requestLEScan(ScriptState* script_state,
const BluetoothLEScanOptions* options,
ExceptionState& exception_state) {
LocalDOMWindow* window = GetSupplementable()->DomWindow();
+
if (IsRequestDenied(window, exception_state)) {
return ScriptPromise();
}