[iOS][Autofill] Cache unmasked Virtual Cards in Manual Fallback [chromium/src : main]


yiwen qian (Gerrit)

Jan 15, 2026, 9:23:34 PM
to Qihui Zhao, Chromium LUCI CQ, chromium...@chromium.org, browser-comp...@chromium.org, feature-me...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org, tmartino+tran...@chromium.org
Attention needed from Qihui Zhao

yiwen qian voted and added 1 comment

Votes added by yiwen qian

Commit-Queue+1

1 comment

Patchset-level comments
File-level comment, Patchset 3 (Latest):
yiwen qian . resolved

Hi Qihui, could you please review this CL? Thanks!


Attention is currently required from:
  • Qihui Zhao
Submit Requirements:
  • Code-Coverage: satisfied
  • Code-Owners: not satisfied
  • Code-Review: not satisfied
  • Review-Enforcement: not satisfied
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I6c17e9569154044f27989e9e7e030e674809fd10
Gerrit-Change-Number: 7488331
Gerrit-PatchSet: 3
Gerrit-Owner: yiwen qian <yiwe...@chromium.org>
Gerrit-Reviewer: Qihui Zhao <qihu...@google.com>
Gerrit-Reviewer: yiwen qian <yiwe...@chromium.org>
Gerrit-Attention: Qihui Zhao <qihu...@google.com>
Gerrit-Comment-Date: Fri, 16 Jan 2026 02:23:25 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes

Qihui Zhao (Gerrit)

Jan 16, 2026, 12:25:16 PM
to yiwen qian, Chromium LUCI CQ, chromium...@chromium.org, browser-comp...@chromium.org, feature-me...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org, tmartino+tran...@chromium.org
Attention needed from yiwen qian

Qihui Zhao added 1 comment

Patchset-level comments
Qihui Zhao . resolved

Some high-level comments:

Security safety concern: Since GetUnmaskedCardCache() is a static base::NoDestructor, the unmasked card data (including full card numbers and potentially CVCs) stays in memory until the app process is killed. If the user switches away from the app and leaves it in the background, sensitive data remains in RAM.

Other than that, base::NoDestructor is thread-safe for initialization, but std::map is not thread-safe for r/w. If onPersonalDataChanged (which clears the map) fires on the main thread while a background fetch or UI lookup is happening, it might crash.

Lastly, we don't need to cache all card types; for local or masked server cards, it does not need to cache, as it's doing an authentication on month/year fetching.

Gerrit-Comment-Date: Fri, 16 Jan 2026 17:25:06 +0000

yiwen qian (Gerrit)

12:47 AM
to Qihui Zhao, Chromium LUCI CQ, chromium...@chromium.org, browser-comp...@chromium.org, feature-me...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org, tmartino+tran...@chromium.org
Attention needed from Qihui Zhao

yiwen qian added 1 comment

Patchset-level comments
File-level comment, Patchset 3:
Qihui Zhao . unresolved

Some high-level comments:

Security safety concern: Since GetUnmaskedCardCache() is a static base::NoDestructor, the unmasked card data (including full card numbers and potentially CVCs) stays in memory until the app process is killed. If the user switches away from the app and leaves it in the background, sensitive data remains in RAM.

Other than that, base::NoDestructor is thread-safe for initialization, but std::map is not thread-safe for r/w. If onPersonalDataChanged (which clears the map) fires on the main thread while a background fetch or UI lookup is happening, it might crash.

Lastly, we don't need to cache all card types; for local or masked server cards, it does not need to cache, as it's doing an authentication on month/year fetching.

yiwen qian

1. Security: Added an observer for UIApplicationDidEnterBackgroundNotification to clear the cache immediately when the app enters the background.
2. Thread Safety: Introduced base::Lock to ensure thread-safe access to the map.
3. Cache Scope: Updated the logic to only cache kVirtualCard types.

Gerrit-PatchSet: 6
Gerrit-Comment-Date: Sat, 17 Jan 2026 05:47:48 +0000
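
The three changes listed in the reply above (lock-guarded map, virtual cards only, explicit clearing), sketched as an added example that is not the CL's code. All names are hypothetical, std::mutex stands in for base::Lock, and overwriting the strings before erasing them is an assumption of this sketch, not something the thread states.

```cpp
#include <cstddef>
#include <map>
#include <mutex>
#include <string>

// Hypothetical types for illustration; not Chromium's autofill classes.
enum class RecordType { kLocalCard, kMaskedServerCard, kVirtualCard };

struct UnmaskedCard {
  RecordType type;
  std::string number;
  std::string cvc;
};

class UnmaskedCardCache {
 public:
  // Cache scope: anything but a virtual card is rejected and never stored.
  bool Put(const std::string& id, const UnmaskedCard& card) {
    if (card.type != RecordType::kVirtualCard) return false;
    std::lock_guard<std::mutex> guard(lock_);
    cards_[id] = card;
    return true;
  }
  // Copies out under the lock so no reference into the map escapes it.
  bool Get(const std::string& id, UnmaskedCard* out) const {
    std::lock_guard<std::mutex> guard(lock_);
    auto it = cards_.find(id);
    if (it == cards_.end()) return false;
    *out = it->second;
    return true;
  }
  // To be called when the app enters the background and on data changes.
  // clear() alone frees the strings without overwriting them, so wipe first.
  void Clear() {
    std::lock_guard<std::mutex> guard(lock_);
    for (auto& entry : cards_) {
      Wipe(entry.second.number);
      Wipe(entry.second.cvc);
    }
    cards_.clear();
  }
  std::size_t size() const {
    std::lock_guard<std::mutex> guard(lock_);
    return cards_.size();
  }

 private:
  static void Wipe(std::string& s) {
    volatile char* p = s.empty() ? nullptr : &s[0];  // volatile: keep stores
    for (std::size_t i = 0; i < s.size(); ++i) p[i] = 0;
  }
  mutable std::mutex lock_;
  std::map<std::string, UnmaskedCard> cards_;
};
```

Copies handed out by Get() are outside the cache's control, so a caller holding one across a background transition still has the card data in memory.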