author: Hao Liu <haoliuk@chromium.org> 2023-01-03 16:28:33 +0000
committer: Michael Brüning <michael.bruning@qt.io> 2023-04-03 15:23:37 +0000
commit: 0487d1dcb21e3c931cb5b1185b6419740570ab25 (patch)
tree: 7f1e020b31b0b319ceb0cf88328ed10bcc7b352c /chromium
parent: 76f2081b9302b19484531163c61fa80c55e9d8cd (diff)
download: qtwebengine-chromium-0487d1dcb21e3c931cb5b1185b6419740570ab25.tar.gz
[Backport] CVE-2023-1233: Insufficient policy enforcement in Resource Timing
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4116604:

Fix extension fingerprinting via resource timing entry

This CL is to prevent resource timing entry being emitted for resources
that are initiated in the non-main world.

Test cases are added for resources initiated from both the main world and
non-main world.

Bug: 1045681
Change-Id: I309b54dae63f56e8d1d71e5c33507623b0c80389
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4116604
Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Hao Liu <haoliuk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1088254}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468200
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium')
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc7
1 files changed, 7 insertions, 0 deletions
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
index 454d42e9567..2b9edc46e57 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
@@ -2381,6 +2381,13 @@ void ResourceFetcher::PopulateAndAddResourceTimingInfo(
if (resource->GetResourceRequest().IsFromOriginDirtyStyleSheet())
return;
+ // Resource timing entries that correspond to resources fetched by extensions
+ // are precluded.
+ if (resource->Options().world_for_csp.get() &&
+ resource->Options().world_for_csp->IsIsolatedWorld()) {
+ return;
+ }
+
const KURL& initial_url =
resource->GetResourceRequest().GetRedirectInfo().has_value()
? resource->GetResourceRequest().GetRedirectInfo()->original_url
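Review bot: the added comment says entries for resources "fetched by extensions" are precluded, but the condition is both broader and narrower than that: it drops the entry for any request whose `world_for_csp` is an isolated world, not only extension worlds, and it keeps the entry whenever `world_for_csp.get()` is null, regardless of where the request was initiated. Suggest the comment state the invariant the code actually enforces, e.g. "Requests initiated from an isolated (non-main) world do not get a resource timing entry; a null world_for_csp is treated as the main world", so a later reader does not assume the null case is covered. Separately, the commit message says test cases were added for main-world and non-main-world initiators, but the diffstat lists only resource_fetcher.cc (1 file changed, 7 insertions), so this backport carries no tests; either port the tests from the upstream CL or say in the message why they are omitted. Placement of the early return is fine: it runs before `initial_url` is computed, so no partially built entry is emitted.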