Zhuoyu Qian (Gerrit)

unread,

Jun 25, 2026, 11:48:04 AM (12 hours ago) Jun 25

to John Lee, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Attention needed from John Lee

Zhuoyu Qian added 1 comment

Patchset-level comments

File-level comment, Patchset 1 (Latest):

Zhuoyu Qian . resolved

Hi John,
Please have a look at this change, thanks!

Open in Gerrit

Related details

Attention is currently required from:

John Lee

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

John Lee (Gerrit)

unread,

Jun 25, 2026, 4:09:21 PM (8 hours ago) Jun 25

to Zhuoyu Qian, John Lee, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Attention needed from Zhuoyu Qian

John Lee voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Zhuoyu Qian

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Zhuoyu Qian (Gerrit)

unread,

Jun 25, 2026, 9:18:57 PM (3 hours ago) Jun 25

to John Lee, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Zhuoyu Qian voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Jun 25, 2026, 9:32:41 PM (3 hours ago) Jun 25

to Zhuoyu Qian, John Lee, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

Fix openInNewWindow scheme deny-list bypass in bookmarkManagerPrivate

BookmarkManagerPrivateOpenInNewWindowFunction::RunOnReady passed
bookmark node URLs straight to Navigate() without the
ExtensionTabUtil::PrepareURLForNavigation scheme deny-list that the
sibling openInNewTab path applies to the same data. A compromised
bookmarks WebUI renderer could stage a devtools://, chrome-untrusted://,
or javascript: URL via bookmarks.create and open it as a
browser-initiated top-level window.

Route every bookmark URL through PrepareURLForNavigation before
navigating, and use the prepared URL for both the incognito filtering
and the navigation. Add a regression test covering denied schemes.

Change-Id: I23cd53c34673c049933bd332ffc9d3bd442341fa

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/8001415

Reviewed-by: John Lee <john...@chromium.org>

Commit-Queue: Zhuoyu Qian <zhuoy...@microsoft.com>

Cr-Commit-Position: refs/heads/main@{#1652858}

Files:

M chrome/browser/extensions/api/bookmark_manager_private/bookmark_manager_private_api.cc
M chrome/browser/extensions/api/bookmark_manager_private/bookmark_manager_private_api_browsertest.cc

Change size: M

Delta: 2 files changed, 57 insertions(+), 14 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by John Lee

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

Fix openInNewWindow scheme deny-list bypass in bookmarkManagerPrivate [chromium/src : main]

Zhuoyu Qian (Gerrit)

Zhuoyu Qian added 1 comment

Related details

John Lee (Gerrit)

John Lee voted Code-Review+1

Related details

Zhuoyu Qian (Gerrit)

Zhuoyu Qian voted Commit-Queue+2

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information