From 8f2b19e50ea4e6c608e7644022db1ff4be4fcbc0 Mon Sep 17 00:00:00 2001
From: Hao Liu
Date: Tue, 3 Jan 2023 16:28:33 +0000
Subject: [Backport] CVE-2023-1233: Insufficient policy enforcement in Resource Timing

Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4116604: Fix extension fingerprinting via resource timing entry This CL is to prevent resource timing entry being emitted for resources that are initiated in the Non main world. Test cases are added for resources initiated from both the main world and non main world.

Bug: 1045681
Change-Id: I309b54dae63f56e8d1d71e5c33507623b0c80389
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4116604
Reviewed-by: Yoav Weiss
Reviewed-by: Lei Zhang
Commit-Queue: Hao Liu
Cr-Commit-Position: refs/heads/main@{#1088254}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468622
Reviewed-by: Michal Klocek
---
 .../blink/renderer/platform/loader/fetch/resource_fetcher.cc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
index 189b223c46e..f7d872f9c5b 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
@@ -2298,6 +2298,14 @@ void ResourceFetcher::PopulateAndAddResourceTimingInfo(
 Resource* resource,
 scoped_refptr info,
 base::TimeTicks response_end) {
+
+ // Resource timing entries that correspond to resources fetched by extensions
+ // are precluded.
+ if (resource->Options().world_for_csp.get() &&
+ resource->Options().world_for_csp->IsIsolatedWorld()) {
+ return;
+ }
+
 const KURL& initial_url =
 resource->GetResourceRequest().GetRedirectInfo().has_value()
 ? resource->GetResourceRequest().GetRedirectInfo()->original_url
-- 
cgit v1.2.1
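Review bot: The new guard treats a null `world_for_csp` as the main world and falls through to emit the timing entry, so the fix only covers requests whose options actually carry the initiating world; that is presumably the intended default, but it is worth stating next to the check since a caller that leaves `world_for_csp` unset would silently reintroduce the entry. The added comment also says "fetched by extensions" while the code tests for an isolated world, which is narrower and more precise; I'd make the comment match the condition: `// Skip resource timing for resources initiated from an isolated (non-main) world, e.g. an extension content script; a null world is treated as the main world.` The two lookups of `resource->Options().world_for_csp` can be bound once, `const auto& world = resource->Options().world_for_csp; if (world && world->IsIsolatedWorld()) return;`. PopulateAndAddResourceTimingInfo's body continues outside the hunk, so whether anything before this point has already recorded state for the dropped entry cannot be checked here.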