[Extensions] Block externally_connectable messaging from error pages. [chromium/src : main]
0 views
Skip to first unread message
Justin Lulejian (Gerrit)
Jun 24, 2026, 5:42:35 PM (yesterday) Jun 24
to Andrea Orru, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org
Attention needed from Andrea Orru
Justin Lulejian voted and added 1 comment![]( "Open in Gerrit")
Votes added by Justin Lulejian
| Auto-Submit | +1 |
| Commit-Queue | +1 |
1 comment
Patchset-level comments
File-level comment, Patchset 5 (Latest):
Justin Lulejian . resolved
Hi Andrea! This should be ready for review since tests passed on the previous patchset with only minor noop changes.
Related details
Attention is currently required from:
- Andrea Orru
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Andrea Orru (Gerrit)
6:16 PM (3 hours ago) 6:16 PM
to Justin Lulejian, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org
Attention needed from Justin Lulejian
Andrea Orru voted Code-Review+1![]( "Open in Gerrit")
Attention is currently required from:
- Justin Lulejian
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Justin Lulejian (Gerrit)
7:17 PM (2 hours ago) 7:17 PM
to Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org
Justin Lulejian voted Commit-Queue+2![]( "Open in Gerrit")
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Chromium LUCI CQ (Gerrit)
8:53 PM (1 hour ago) 8:53 PM
to Justin Lulejian, Andrea Orru, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org
Chromium LUCI CQ submitted the change![]( "Open in Gerrit")
Change information
Commit message:
[Extensions] Block externally_connectable messaging from error pages.
Previously, a page committing as an error document could still establish
connections to externally_connectable extensions. This was because
MessageService::OpenChannelToExtension validated the connection request
against the frame's GetLastCommittedURL() but did not check if the
document was actually an error page (IsErrorDocument()). Since the last
committed URL of an error page reflects the failed navigation target,
this made it seems like a renderer hosting the error page was actually
hosting the target URL (from the perspective of messaging).
After this change, connection requests from frames that commit as error
documents are rejected.
This is accomplished by adding a check for !IsErrorDocument() when
validating externally_connectable matches in
MessageService::OpenChannelToExtension.
TAG=agy
CONV=e9ac3cb4-8403-4361-9db3-3170b15055e0
Fixed: 516813317
Change-Id: I1fad94b12ffd37d5fb0ff49271869b35966b5f8d
Auto-Submit: Justin Lulejian <jlul...@chromium.org>
Reviewed-by: Andrea Orru <andre...@chromium.org>
Commit-Queue: Justin Lulejian <jlul...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1652841}
Files:
- M chrome/browser/extensions/extension_security_exploit_browsertest.cc
- M extensions/browser/api/messaging/message_service.cc
Change size: M
Delta: 2 files changed, 143 insertions(+), 3 deletions(-)
Branch: refs/heads/main
Submit Requirements:
Code-Review: +1 by Andrea Orru
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages