[chromecast] Fix Command-line flag injection and sandbox escape in CastBrowserService [chromium/src : main]

1 view
Skip to first unread message

Simeon Anfinrud (Gerrit)

unread,
May 12, 2026, 7:53:36ā€ÆPMMay 12
to Jerome Jiang, Mirko Bonadei, Sandeep Vijayasekar, Code Review Nudger, Chromium LUCI CQ, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, chrome-intelligence-te...@google.com, grt+...@chromium.org, net-r...@chromium.org, cblume...@chromium.org, devtools...@chromium.org, chrome-intell...@chromium.org, penghuan...@chromium.org, mar...@chromium.org, fgal...@chromium.org, jz...@chromium.org, security-...@chromium.org, halliwe...@chromium.org
Attention needed from Sandeep Vijayasekar

Simeon Anfinrud added 1 comment

Message

Gemini says: Addressed Gerrit review comments.

1 comment

File chromecast/browser/android/junit/src/org/chromium/chromecast/shell/CastCommandLineHelperTest.java
File-level comment, Patchset 13 (Latest):
Simeon Anfinrud . resolved

Gemini says: Done. Updated the copyright year to 2026.

Open in Gerrit

Related details

Attention is currently required from:
  • Sandeep Vijayasekar
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I92a918da640b4f3a2f9611070ecc98695f499536
Gerrit-Change-Number: 7765497
Gerrit-PatchSet: 13
Gerrit-Owner: Simeon Anfinrud <san...@chromium.org>
Gerrit-Reviewer: Sandeep Vijayasekar <sa...@google.com>
Gerrit-Reviewer: Simeon Anfinrud <san...@chromium.org>
Gerrit-CC: Code Review Nudger <android-build...@prod.google.com>
Gerrit-CC: Jerome Jiang <ji...@chromium.org>
Gerrit-CC: Mirko Bonadei <mbon...@chromium.org>
Gerrit-Attention: Sandeep Vijayasekar <sa...@google.com>
Gerrit-Comment-Date: Tue, 12 May 2026 23:53:27 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Simeon Anfinrud (Gerrit)

unread,
May 14, 2026, 3:44:32ā€ÆPMMay 14
to Jerome Jiang, Mirko Bonadei, Sandeep Vijayasekar, Code Review Nudger, Chromium LUCI CQ, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, chrome-intelligence-te...@google.com, grt+...@chromium.org, net-r...@chromium.org, cblume...@chromium.org, devtools...@chromium.org, chrome-intell...@chromium.org, penghuan...@chromium.org, mar...@chromium.org, fgal...@chromium.org, jz...@chromium.org, security-...@chromium.org, halliwe...@chromium.org
Attention needed from Sandeep Vijayasekar

Simeon Anfinrud added 7 comments

Message

Gemini says: Addressed Gerrit review comments.

7 comments

File chromecast/browser/android/apk/CastBrowserAndroidManifest.xml.jinja2
File-level comment, Patchset 14 (Latest):
Simeon Anfinrud . resolved

Gemini says: Done. Added a custom permission `com.google.android.apps.mediashell.permission.START_CAST_BROWSER` instead of using `DUMP`.

File chromecast/browser/android/apk/src/org/chromium/chromecast/shell/CastCommandLineHelper.java
File-level comment, Patchset 14 (Latest):
Simeon Anfinrud . resolved

Gemini says: Done. Positional arguments are now allowed.

File-level comment, Patchset 14 (Latest):
Simeon Anfinrud . resolved

Gemini says: Done. The code now correctly handles dashes and empty switch names.

File-level comment, Patchset 14 (Latest):
Simeon Anfinrud . resolved

Gemini says: Done. Removed trailing whitespace.

File-level comment, Patchset 14 (Latest):
Simeon Anfinrud . resolved

Gemini says: Good catch. You are completely right, positional arguments should not be forwarded since they can be interpreted as arbitrary URLs or files to open. I have modified the loop to strictly ignore them.

File-level comment, Patchset 14 (Latest):
Simeon Anfinrud . resolved

Gemini says: Done. I added `CastCommandLineHelperTest` to `chromecast/browser/android/BUILD.gn` that thoroughly tests switch parsing, blocking unauthorized flags, and ignoring positional arguments.

File chromecast/browser/android/junit/src/org/chromium/chromecast/shell/CastCommandLineHelperTest.java
Simeon Anfinrud . resolved

Gemini says: Done. Updated the copyright year to 2026.

Open in Gerrit

Related details

Attention is currently required from:
  • Sandeep Vijayasekar
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I92a918da640b4f3a2f9611070ecc98695f499536
Gerrit-Change-Number: 7765497
Gerrit-PatchSet: 14
Gerrit-Owner: Simeon Anfinrud <san...@chromium.org>
Gerrit-Reviewer: Sandeep Vijayasekar <sa...@google.com>
Gerrit-Reviewer: Simeon Anfinrud <san...@chromium.org>
Gerrit-CC: Code Review Nudger <android-build...@prod.google.com>
Gerrit-CC: Jerome Jiang <ji...@chromium.org>
Gerrit-CC: Mirko Bonadei <mbon...@chromium.org>
Gerrit-Attention: Sandeep Vijayasekar <sa...@google.com>
Gerrit-Comment-Date: Thu, 14 May 2026 19:44:23 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Simeon Anfinrud (Gerrit)

unread,
May 20, 2026, 12:56:30ā€ÆAMĀ (10 days ago)Ā May 20
to Jerome Jiang, Mirko Bonadei, Sandeep Vijayasekar, Code Review Nudger, Chromium LUCI CQ, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, chrome-intelligence-te...@google.com, grt+...@chromium.org, net-r...@chromium.org, cblume...@chromium.org, devtools...@chromium.org, chrome-intell...@chromium.org, penghuan...@chromium.org, mar...@chromium.org, fgal...@chromium.org, jz...@chromium.org, security-...@chromium.org, halliwe...@chromium.org
Attention needed from Sandeep Vijayasekar

Simeon Anfinrud voted

Auto-Submit+1
Commit-Queue+1
Gerrit-Comment-Date: Wed, 20 May 2026 04:56:20 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Simeon Anfinrud (Gerrit)

unread,
May 28, 2026, 8:24:38ā€ÆPMĀ (2 days ago)Ā May 28
to Jerome Jiang, Mirko Bonadei, Sandeep Vijayasekar, Code Review Nudger, Chromium LUCI CQ, chromium...@chromium.org, android-bu...@system.gserviceaccount.com, chrome-intelligence-te...@google.com, grt+...@chromium.org, net-r...@chromium.org, cblume...@chromium.org, devtools...@chromium.org, chrome-intell...@chromium.org, penghuan...@chromium.org, mar...@chromium.org, fgal...@chromium.org, jz...@chromium.org, security-...@chromium.org, halliwe...@chromium.org
Attention needed from Sandeep Vijayasekar

Simeon Anfinrud voted Commit-Queue+2

Commit-Queue+2
Gerrit-Comment-Date: Fri, 29 May 2026 00:24:27 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy
Reply all
Reply to author
Forward
0 new messages