CVE-2016-1625
aka NTP Tabnab

Due to a lack of checking against intended target web addresses, malicious extensions are capable of changing where suggested links brought users when clicked on. This allows extensions to navigate users to malicious websites, or run Flash programs on the host device. Remote attackers could then use this to grab any file from the host device.

This vulnerability arose from the new functionality added to the NTP, where Chromium provides the user their most-visited sites and some suggested ones, without checking that the target of the link was the same as the link itself. Ultimately, this was a design mistake, because the developers never thought that such an attack would be possible, and while no exploit of this bug was ever created, it could have had huge consequences if it ever was. Additionally, between when the vulnerability was introduced and its fix, the subsystem was moved around, allowing the bug to hide longer than normal.

Bounty Awarded $1000.0 awarded. Learn more about Bounty Awarded.
Chromium subsystem: new tab page Learn more about Chromium subsystem: new tab page.
CWE-264: Permissions, Privileges, and Access Controls Learn more about CWE-264: Permissions, Privileges, and Access Controls.
Discovered Internally This vulnerability was originally brought to light by someone from Google that was able to grab the linux/unix password file from a system with a custom extension that runs a JS script that forces the download of a Flash program that when run, has access to any file on the host device. Learn more about Discovered Internally.
Discovered Manually This vulnerability was originally brought to light by someone from Google that was able to grab the linux/unix password file from a system with a custom extension that runs a JS script that forces the download of a Flash program that when run, has access to any file on the host device. Learn more about Discovered Manually.
Known Origin (VCC) Learn more about Known Origin (VCC).
Language: C++ Learn more about Language: C++.
Lesson: Changing Owners The owner of the code with the vulnerability changed 16 times. Learn more about Lesson: Changing Owners.
Lesson: Code Refactors 21 refactors took place during the vulnerability. Learn more about Lesson: Code Refactors.
Lesson: Defense in Depth It was assumed that extensions within Chromium were incapable of changing the link targets on the New Tab Page. This ability allowed them to direct users to any website, or directly download and potentially run a file from another URL without further user interaction. Thus, the developers didn't originally think to check that the target links given on the NTP should all be in the most-visited or suggested link lists to prevent this. The fix was to add another layer of defense to Chromium where links are only navigated to if they are within one of those two lists. Learn more about Lesson: Defense in Depth.
Lesson: Environment Variables Combining this vulnerability with the intended insecure nature of Flash, an attacker can create an extension that runs a Flash program to pull anything off the user's computer, an example given in the bug report was the contents of '/etc/passwd' on Linux/Unix systems Learn more about Lesson: Environment Variables.
Lesson: Fix Untested This vulnerability involved a missing check in the code between the actual link targets and the expected list of links. There were no tests in place before the fix. Fixing this issue involved adding code to check for this and unit tests to verify the issue was resolved. Learn more about Lesson: Fix Untested.
Lesson: Lacked Test This vulnerability involved a missing check in the code between the actual link targets and the expected list of links. There were no tests in place before the fix. Fixing this issue involved adding code to check for this and unit tests to verify the issue was resolved. Learn more about Lesson: Lacked Test.
Lesson: Least Privilege Extensions themselves should not be allowed to download and execute code on user's computer outside of the Chrome sandbox, however this was possible due to the insecure nature of Flash applications. The extension was capable of downloading and running a Flash application, two things that they shouldn't inherently be allowed to do. The Flash application, in turn is insecure to the point where it allows for access to the host device and any file on it. Learn more about Lesson: Least Privilege.
Lesson: Reverting Codebase 25 reverts took place during the vulnerability. Learn more about Lesson: Reverting Codebase.
Lesson: Too Many Cooks 200 different developers made commits to the files fixed for this vulnerability. Learn more about Lesson: Too Many Cooks.
Lifetime: 2 to 5 years 828.9 days, or 2.3 years Learn more about Lifetime: 2 to 5 years.
Project: Chromium Learn more about Project: Chromium.

Commits

NTP: don't allow navigateContentWindow to navigate where it pleases.

Files Patched

chrome/browser/search/instant_service.cc

chrome/browser/search/instant_service.h

chrome/browser/search/instant_service_unittest.cc

chrome/browser/ui/search/search_tab_helper.cc

chrome/renderer/searchbox/searchbox_extension.cc

CVE: CVE-2016-1625
CWE:
- 264
bugs:
- 509313
repo: 
vccs:
- note: initially created during fix for bug 272583
  commit: 064f57affdcdbc6b5e85bc1fc2082a5e393ff0af
fixes:
- note: Finally added check to fix issue
  commit: d523a41aed4e321d4c8197b5cccb73be23c8dcc2
bounty:
  date: '2016-02-09 14:32:00.000000000 -05:00'
  amount: 1000.0
  references:
  - http://chromereleases.googleblog.com/2016/02/stable-channel-update_9.html
lessons:
  yagni:
    note: 
    applies: false
  question: |
    Are there any common lessons we have learned from class that apply to this
    vulnerability? In other words, could this vulnerability serve as an example
    of one of those lessons?

    Leave "applies" blank or put false if you did not see that lesson (you do
    not need to put a reason). Put "true" if you feel the lesson applies and put
    a quick explanation of how it applies.

    Don't feel the need to claim that ALL of these apply, but it's pretty likely
    that one or two of them apply.

    If you think of another lesson we covered in class that applies here, feel
    free to give it a small name and add one in the same format as these.
  serial_killer:
    note: 
    applies: false
  complex_inputs:
    note: 
    applies: false
  distrust_input:
    note: 
    applies: false
  least_privilege:
    note: "Extensions themselves should not be allowed to download and execute code
      on \nuser's computer outside of the Chrome sandbox, however this was possible
      due\nto the insecure nature of Flash applications. The extension was capable
      of\ndownloading and running a Flash application, two things that they shouldn't\ninherently
      be allowed to do. The Flash application, in turn is insecure to \nthe point
      where it allows for access to the host device and any file on it.\n"
    applies: true
  native_wrappers:
    note: 
    applies: false
  defense_in_depth:
    note: "It was assumed that extensions within Chromium were incapable of changing\nthe
      link targets on the New Tab Page. This ability allowed them to direct\nusers
      to any website, or directly download and potentially run a file from \nanother
      URL without further user interaction. Thus, the developers didn't \noriginally
      think to check that the target links given on the NTP should all\nbe in the
      most-visited or suggested link lists to prevent this. The fix was\nto add another
      layer of defense to Chromium where links are only navigated to\nif they are
      within one of those two lists.\n"
    applies: true
  secure_by_default:
    note: 
    applies: false
  environment_variables:
    note: "Combining this vulnerability with the intended insecure nature of Flash,
      an \nattacker can create an extension that runs a Flash program to pull anything\noff
      the user's computer, an example given in the bug report was the contents\nof
      '/etc/passwd' on Linux/Unix systems\n"
    applies: true
  security_by_obscurity:
    note: 
    applies: false
  frameworks_are_optional:
    note: 
    applies: false
reviews:
- 1676583002
- 1674303003
- 1669723002
upvotes: 22
mistakes:
  answer: |
    This vulnerability arose from the new functionality added to the NTP,
    where Chromium provides the user their most-visited sites and some suggested
    ones, without checking that the target of the link was the same as the link itself.
    Ultimately, this was a design mistake, because the developers never
    thought that such an attack would be possible, and while no exploit of this
    bug was ever created, it could have had huge consequences if it ever was.
    Additionally, between when the vulnerability was introduced and its fix,
    the subsystem was moved around, allowing the bug to hide longer than normal.
  question: |
    In your opinion, after all of this research, what mistakes were made that
    led to this vulnerability? Coding mistakes? Design mistakes?
    Maintainability? Requirements? Miscommunications?

    Look at the CWE entry for this vulnerability and examine the mitigations
    they have written there. Are they doing those? Does the fix look proper?

    Use those questions to inspire your answer. Don't feel obligated to answer
    every one. Write a thoughtful entry here that those ing the software
    engineering industry would find interesting.
nickname: NTP Tabnab
announced: '2016-02-13 21:59:03.130000000 -05:00'
subsystem:
  name: New Tab Page
  answer: Chrome Instant on the New Tab Page
  question: |
    What subsystems was the mistake in?

    Look at the path of the source code files code that were fixed to get
    directory names. Look at comments in the code. Look at the bug reports how
    the bug report was tagged. Examples: "clipboard", "gpu", "ssl", "speech", "renderer"
discovered:
  date: '2015-07-12'
  answer: "This vulnerability was originally brought to light by someone from Google\nthat
    was able to grab the linux/unix password file from a system with a \ncustom extension
    that runs a JS script that forces the download of a Flash\nprogram that when run,
    has access to any file on the host device.\n"
  google: true
  contest: false
  question: |
    How was this vulnerability discovered?

    Go to the bug report and read the conversation to find out how this was
    originally found. Answer in longform below in "answer", fill in the date in
    YYYY-MM-DD, and then determine if the vulnerability was found by a Google
    employee (you can tell from their email address). If it's clear that the
    vulnerability was discovered by a contest, fill in the name there.

    The "automated" flag can be true, false, or nil.
    The "google" flag can be true, false, or nil.

    If there is no evidence as to how this vulnerability was found, then you may
    leave the entries blank except for "answer". Write down where you looked in "answer".
  automated: false
description: "Due to a lack of checking against intended target web addresses, malicious
  \nextensions are capable of changing where suggested links brought users when \nclicked
  on. This allows extensions to navigate users to malicious websites, \nor run Flash
  programs on the host device. Remote attackers could then use \nthis to grab any
  file from the host device.\n"
unit_tested:
  fix: true
  code: false
  answer: "This vulnerability involved a missing check in the code between the actual
    \nlink targets and the expected list of links. There were no tests in place \nbefore
    the fix. Fixing this issue involved adding code to check for this\nand unit tests
    to verify the issue was resolved.\n"
  question: |
    Were automated unit tests involved in this vulnerability?
    Was the original code unit tested, or not unit tested? Did the fix involve
    improving the automated tests?

    For the "code" answer below, look not only at the fix but the surrounding
    code near the fix and determine if and was there were unit tests involved
    for this module.

    For the "fix" answer below, check if the fix for the vulnerability involves
    adding or improving an automated test to ensure this doesn't happen again.
major_events:
  answer: |
    It is assumed the team changed within the 3 years this vulnerability was active.
    The New Tab Page and Chrome Instant, were both reworked and semi-componentized
    within this time which could help account for the length of time the vulnerability
    was active.
  events:
  - date: '2015-08-03'
    name: Componentized Search functions, code was moved to another namespace to accommodate
      iOS.
  - date: '2014-07-23'
    name: Experimental code dealing with Most Visited Tiles on the NTP was removed
      from Chrome
  question: |
    Please record any major events you found in the history of this
    vulnerability. Was the code rewritten at some point? Was a nearby subsystem
    changed? Did the team change?

    The event doesn't need to be directly related to this vulnerability, rather,
    we want to capture what the development team was dealing with at the time.
curation_level: 0
CWE_instructions: |
  Please go to cwe.mitre.org and find the most specific, appropriate CWE entry
  that describes your vulnerability. (Tip: this may not be a good one to start
  with - spend time understanding this vulnerability before making your choice!)
bounty_instructions: |
  If you came across any indications that a bounty was paid out for this
  vulnerability, fill it out here. Or correct it if the information already here
  was wrong. Otherwise, leave it blank.
interesting_commits:
  answer: 
  commits:
  - note: "Added support for forced URLs in the TopSites of Chrome. Allows Chrome
      to force, \nand keep top-sites according to the most recently used metric. Allows
      for certain sites\nto appear on the New Tab Page over other web pages in the
      most-visited list.\nCurrent implementation shows only 8 sites on the NTP, so
      this provides more \ncustomization to those sites.\n"
    commit: ce767ab228df8ab9ee2664a258380ce9601fc42b
  - note: |
      Rework of the New Tab Page to remove anything that dealt with an older version of
      the NTP still referenced in the code. This is the second commit of this nature, the
      first one was reverted due to a duplicate performance registration issues on Android.
    commit: 8d57a0152613119d7e6369838fd5838fb7773e68
  - note: |
      Experimental code used to test the Most Visited Tiles functionality on the New
      Tab Page is considered obsolete at this point and was removed from the repo.
    commit: 982ecc2f027bc08255e8dd6a37017b69bde250f7
  - note: |
      Involved the movement of the browser's search functionality from a submodule of the
      browser directly, into it's own namespace and module.
      This could have attributed to the length of time this vulnerability sat in the repo.
    commit: 51bbec7be7014d4d75d39c1a5c27b1ba9ddc3dcd
  question: |
    Are there any interesting commits between your VCC(s) and fix(es)?

    Write a brief (under 100 words) description of why you think this commit was
    interesting in light of the lessons learned from this vulnerability. Any
    emerging themes?

    If there are no interesting commits, demonstrate that you completed this section by explaining what happened between the VCCs and the fix.
curated_instructions: |
  If you are manually editing this file, then you are "curating" it. Set the
  entry below to "true" as soon as you start. This will enable additional
  integrity checks on this file to make sure you fill everything out properly.
  If you are a student, we cannot accept your work as finished unless curated is
  set to true.
upvotes_instructions: |
  For the first round, ignore this upvotes number.

  For the second round of reviewing, you will be giving a certain amount of
  upvotes to each vulnerability you see. Your peers will tell you how
  interesting they think this vulnerability is, and you'll add that to the
  upvotes score on your branch.
announced_instructions: |
  Was there a date that this vulnerability was announced to the world? You can
  find this in changelogs, blogs, bug reports, or perhaps the CVE date. A good
  source for this is Chrome's Stable Release Channel
  (https://chromereleases.googleblog.com/).
  Please enter your date in YYYY-MM-DD format.
fixes_vcc_instructions: |
  Please put the commit hash in "commit" below (see my example in
  CVE-2011-3092.yml). Fixes and VCCs follow the same format.
description_instructions: |
  You can get an initial description from the CVE entry on cve.mitre.org. These
  descriptions are a fine start, but they can be kind of jargony.

  Rewrite this description in your own words. Make it interesting and easy to
  read to anyone with some programming experience. We can always pull up the NVD
  description later to get more technical.

  Try to still be specific in your description, but remove Chromium-specific
  stuff. Remove references to versions, specific filenames, and other jargon
  that outsiders to Chromium would not understand. Technology like "regular
  expressions" is fine, and security phrases like "invalid write" are fine to
  keep too.

There are no articles here... yet

Timeline

Hover over an event to see its title.
Click on the event to learn more.
Filter by event type with the buttons below.

lock

February 4th 2016, 8:06 pm

Fix for CVE-2016-1625: NTP: don't allow navigateContentWindow to navigate where it pleases.

Our curators found that this vulnerability was fixed by this commit.

The commit had 93 lines changed.

1 insertions, and
92 deletions

Here was the commit message.

NTP: don't allow navigateContentWindow to navigate where it pleases. BUG=509313 Review URL: https://codereview.chromium.org/1669723002 Cr-Commit-Position: refs/heads/master@{#373598}

Learn more about this commit

assignment

February 1st 2016, 4:00 am

2 commits by 2 developers, 99 lines changed

On the week starting on Monday, February 01, 2016, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

97 insertions, and
2 deletions

Impacting a total of 5 source code file(s). The impacted files were:

person

February 1st 2016, 4:00 am

1 new developer(s)

On the week of Monday, February 01, 2016, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

January 4th 2016, 4:00 am

1 commit by 1 developers, 498 lines changed

On the week starting on Monday, January 04, 2016, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

13 insertions, and
485 deletions

Impacting a total of 5 source code file(s). The impacted files were:

person

January 4th 2016, 4:00 am

1 new developer(s)

On the week of Monday, January 04, 2016, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

December 21st 2015, 4:00 am

3 commits by 1 developers, 7145 lines changed

On the week starting on Monday, December 21, 2015, the code that was impacted by this vulnerability had 3 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

5032 insertions, and
2113 deletions

Impacting a total of 4 source code file(s). The impacted files were:

assignment

December 7th 2015, 4:00 am

2 commits by 2 developers, 1269 lines changed

On the week starting on Monday, December 07, 2015, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

688 insertions, and
581 deletions

Impacting a total of 4 source code file(s). The impacted files were:

person

December 7th 2015, 4:00 am

1 new developer(s)

On the week of Monday, December 07, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

November 30th 2015, 4:00 am

1 commit by 1 developers, 77 lines changed

On the week starting on Monday, November 30, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

47 insertions, and
30 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

November 9th 2015, 4:00 am

4 commits by 3 developers, 1830 lines changed

On the week starting on Monday, November 09, 2015, the code that was impacted by this vulnerability had 4 commit(s) by 3 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

727 insertions, and
1103 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

November 9th 2015, 4:00 am

2 new developer(s)

On the week of Monday, November 09, 2015, 2 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

September 28th 2015, 4:00 am

1 commit by 1 developers, 189 lines changed

On the week starting on Monday, September 28, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

121 insertions, and
68 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

September 21st 2015, 4:00 am

1 commit by 1 developers, 399 lines changed

On the week starting on Monday, September 21, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

306 insertions, and
93 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

September 21st 2015, 4:00 am

1 new developer(s)

On the week of Monday, September 21, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

September 7th 2015, 4:00 am

1 commit by 1 developers, 83 lines changed

On the week starting on Monday, September 07, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

78 insertions, and
5 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

August 31st 2015, 4:00 am

2 commits by 2 developers, 393 lines changed

On the week starting on Monday, August 31, 2015, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

225 insertions, and
168 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

August 31st 2015, 4:00 am

1 new developer(s)

On the week of Monday, August 31, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

August 3rd 2015, 4:00 am

3 commits by 3 developers, 1798 lines changed

On the week starting on Monday, August 03, 2015, the code that was impacted by this vulnerability had 3 commit(s) by 3 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

955 insertions, and
843 deletions

Impacting a total of 4 source code file(s). The impacted files were:

person

August 3rd 2015, 4:00 am

1 new developer(s)

On the week of Monday, August 03, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

July 6th 2015, 4:00 am

3 commits by 3 developers, 963 lines changed

On the week starting on Monday, July 06, 2015, the code that was impacted by this vulnerability had 3 commit(s) by 3 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

514 insertions, and
449 deletions

Impacting a total of 3 source code file(s). The impacted files were:

person

July 6th 2015, 4:00 am

1 new developer(s)

On the week of Monday, July 06, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

June 29th 2015, 4:00 am

1 commit by 1 developers, 73 lines changed

On the week starting on Monday, June 29, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

53 insertions, and
20 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

June 8th 2015, 4:00 am

1 commit by 1 developers, 1361 lines changed

On the week starting on Monday, June 08, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

691 insertions, and
670 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

June 1st 2015, 4:00 am

1 commit by 1 developers, 342 lines changed

On the week starting on Monday, June 01, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

173 insertions, and
169 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

May 25th 2015, 4:00 am

1 commit by 1 developers, 5608 lines changed

On the week starting on Monday, May 25, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

2923 insertions, and
2685 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

May 25th 2015, 4:00 am

1 new developer(s)

On the week of Monday, May 25, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

May 18th 2015, 4:00 am

3 commits by 1 developers, 3994 lines changed

On the week starting on Monday, May 18, 2015, the code that was impacted by this vulnerability had 3 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1360 insertions, and
2634 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

May 18th 2015, 4:00 am

1 new developer(s)

On the week of Monday, May 18, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

May 11th 2015, 4:00 am

1 commit by 1 developers, 274 lines changed

On the week starting on Monday, May 11, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

168 insertions, and
106 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

May 11th 2015, 4:00 am

1 new developer(s)

On the week of Monday, May 11, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

April 27th 2015, 4:00 am

1 commit by 1 developers, 152 lines changed

On the week starting on Monday, April 27, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

76 insertions, and
76 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

April 27th 2015, 4:00 am

1 new developer(s)

On the week of Monday, April 27, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

April 20th 2015, 4:00 am

2 commits by 2 developers, 579 lines changed

On the week starting on Monday, April 20, 2015, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

399 insertions, and
180 deletions

Impacting a total of 2 source code file(s). The impacted files were:

healing

April 20th 2015, 4:00 am

1 refactor commit(s)

On the week of Monday, April 20, 2015, 1 commits mention the word "Refactor".

Read more about refactoring

assignment

April 13th 2015, 4:00 am

1 commit by 1 developers, 79 lines changed

On the week starting on Monday, April 13, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

40 insertions, and
39 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

April 13th 2015, 4:00 am

1 new developer(s)

On the week of Monday, April 13, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

March 30th 2015, 4:00 am

6 commits by 4 developers, 2131 lines changed

On the week starting on Monday, March 30, 2015, the code that was impacted by this vulnerability had 6 commit(s) by 4 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1158 insertions, and
973 deletions

Impacting a total of 3 source code file(s). The impacted files were:

person

March 30th 2015, 4:00 am

1 new developer(s)

On the week of Monday, March 30, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

March 23rd 2015, 4:00 am

2 commits by 2 developers, 503 lines changed

On the week starting on Monday, March 23, 2015, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

414 insertions, and
89 deletions

Impacting a total of 2 source code file(s). The impacted files were:

healing

March 23rd 2015, 4:00 am

1 refactor commit(s)

On the week of Monday, March 23, 2015, 1 commits mention the word "Refactor".

Read more about refactoring

assignment

March 16th 2015, 4:00 am

3 commits by 2 developers, 379 lines changed

On the week starting on Monday, March 16, 2015, the code that was impacted by this vulnerability had 3 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

344 insertions, and
35 deletions

Impacting a total of 3 source code file(s). The impacted files were:

assignment

March 9th 2015, 4:00 am

1 commit by 1 developers, 76 lines changed

On the week starting on Monday, March 09, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

63 insertions, and
13 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

March 9th 2015, 4:00 am

1 new developer(s)

On the week of Monday, March 09, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

person

March 2nd 2015, 4:00 am

1 new developer(s)

On the week of Monday, March 02, 2015, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

March 2nd 2015, 4:00 am

1 commit by 1 developers, 165 lines changed

On the week starting on Monday, March 02, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

164 insertions, and
1 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

February 16th 2015, 4:00 am

2 commits by 2 developers, 208 lines changed

On the week starting on Monday, February 16, 2015, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

126 insertions, and
82 deletions

Impacting a total of 3 source code file(s). The impacted files were:

assignment

January 26th 2015, 4:00 am

4 commits by 3 developers, 2906 lines changed

On the week starting on Monday, January 26, 2015, the code that was impacted by this vulnerability had 4 commit(s) by 3 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1460 insertions, and
1446 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

January 26th 2015, 4:00 am

2 new developer(s)

On the week of Monday, January 26, 2015, 2 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

face

January 26th 2015, 4:00 am

Code ownership changed

On the week starting Monday, January 26, 2015, an OWNERS file changed related to the vulnerable code.

This indicates a potential change in team structure and responsibilities.

assignment

January 12th 2015, 4:00 am

1 commit by 1 developers, 401 lines changed

On the week starting on Monday, January 12, 2015, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

140 insertions, and
261 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

December 22nd 2014, 4:00 am

1 commit by 1 developers, 1005 lines changed

On the week starting on Monday, December 22, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

474 insertions, and
531 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

December 22nd 2014, 4:00 am

1 new developer(s)

On the week of Monday, December 22, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

December 8th 2014, 4:00 am

1 commit by 1 developers, 87 lines changed

On the week starting on Monday, December 08, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

33 insertions, and
54 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

December 8th 2014, 4:00 am

1 new developer(s)

On the week of Monday, December 08, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

November 17th 2014, 4:00 am

2 commits by 2 developers, 718 lines changed

On the week starting on Monday, November 17, 2014, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

549 insertions, and
169 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

November 17th 2014, 4:00 am

2 new developer(s)

On the week of Monday, November 17, 2014, 2 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

face

November 17th 2014, 4:00 am

Code ownership changed

On the week starting Monday, November 17, 2014, an OWNERS file changed related to the vulnerable code.

This indicates a potential change in team structure and responsibilities.

assignment

November 3rd 2014, 4:00 am

1 commit by 1 developers, 42 lines changed

On the week starting on Monday, November 03, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

27 insertions, and
15 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

November 3rd 2014, 4:00 am

1 new developer(s)

On the week of Monday, November 03, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

October 27th 2014, 4:00 am

1 commit by 1 developers, 964 lines changed

On the week starting on Monday, October 27, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

450 insertions, and
514 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

October 20th 2014, 4:00 am

3 commits by 2 developers, 5890 lines changed

On the week starting on Monday, October 20, 2014, the code that was impacted by this vulnerability had 3 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

2801 insertions, and
3089 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

October 20th 2014, 4:00 am

1 new developer(s)

On the week of Monday, October 20, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

October 13th 2014, 4:00 am

1 commit by 1 developers, 153 lines changed

On the week starting on Monday, October 13, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

66 insertions, and
87 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

October 13th 2014, 4:00 am

1 new developer(s)

145 insertions, and
82 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

August 4th 2014, 4:00 am

1 commit by 1 developers, 610 lines changed

On the week starting on Monday, August 04, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

2 insertions, and
608 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

July 21st 2014, 4:00 am

1 commit by 1 developers, 792 lines changed

On the week starting on Monday, July 21, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

486 insertions, and
306 deletions

Impacting a total of 1 source code file(s). The impacted files were:

face

July 21st 2014, 4:00 am

Code ownership changed

On the week starting Monday, July 21, 2014, an OWNERS file changed related to the vulnerable code.

This indicates a potential change in team structure and responsibilities.

assignment

July 14th 2014, 4:00 am

1 commit by 1 developers, 315 lines changed

On the week starting on Monday, July 14, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

157 insertions, and
158 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

July 7th 2014, 4:00 am

2 commits by 2 developers, 489 lines changed

On the week starting on Monday, July 07, 2014, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

160 insertions, and
329 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

July 7th 2014, 4:00 am

1 new developer(s)

On the week of Monday, July 07, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

June 30th 2014, 4:00 am

9 commits by 5 developers, 3631 lines changed

On the week starting on Monday, June 30, 2014, the code that was impacted by this vulnerability had 9 commit(s) by 5 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1771 insertions, and
1860 deletions

Impacting a total of 3 source code file(s). The impacted files were:

person

June 30th 2014, 4:00 am

1 new developer(s)

347 insertions, and
346 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

May 5th 2014, 4:00 am

4 commits by 3 developers, 2123 lines changed

On the week starting on Monday, May 05, 2014, the code that was impacted by this vulnerability had 4 commit(s) by 3 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1076 insertions, and
1047 deletions

Impacting a total of 3 source code file(s). The impacted files were:

person

May 5th 2014, 4:00 am

1 new developer(s)

On the week of Monday, May 05, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

April 28th 2014, 4:00 am

6 commits by 5 developers, 24008 lines changed

On the week starting on Monday, April 28, 2014, the code that was impacted by this vulnerability had 6 commit(s) by 5 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

8164 insertions, and
15844 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

April 28th 2014, 4:00 am

3 new developer(s)

459 insertions, and
240 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

February 17th 2014, 4:00 am

3 commits by 3 developers, 729 lines changed

On the week starting on Monday, February 17, 2014, the code that was impacted by this vulnerability had 3 commit(s) by 3 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

364 insertions, and
365 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

February 17th 2014, 4:00 am

1 new developer(s)

On the week of Monday, February 17, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

February 10th 2014, 4:00 am

1 commit by 1 developers, 9 lines changed

On the week starting on Monday, February 10, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1 insertions, and
8 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

February 3rd 2014, 4:00 am

1 commit by 1 developers, 153 lines changed

On the week starting on Monday, February 03, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

73 insertions, and
80 deletions

Impacting a total of 4 source code file(s). The impacted files were:

assignment

January 27th 2014, 4:00 am

1 commit by 1 developers, 88 lines changed

On the week starting on Monday, January 27, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

64 insertions, and
24 deletions

Impacting a total of 1 source code file(s). The impacted files were:

assignment

January 20th 2014, 4:00 am

1 commit by 1 developers, 283 lines changed

On the week starting on Monday, January 20, 2014, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

216 insertions, and
67 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

January 20th 2014, 4:00 am

1 new developer(s)

On the week of Monday, January 20, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

January 13th 2014, 4:00 am

2 commits by 2 developers, 3533 lines changed

On the week starting on Monday, January 13, 2014, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

937 insertions, and
2596 deletions

Impacting a total of 4 source code file(s). The impacted files were:

person

January 13th 2014, 4:00 am

1 new developer(s)

On the week of Monday, January 13, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

January 6th 2014, 4:00 am

3 commits by 2 developers, 4468 lines changed

On the week starting on Monday, January 06, 2014, the code that was impacted by this vulnerability had 3 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

2243 insertions, and
2225 deletions

Impacting a total of 4 source code file(s). The impacted files were:

person

January 6th 2014, 4:00 am

1 new developer(s)

On the week of Monday, January 06, 2014, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

December 23rd 2013, 4:00 am

3 commits by 1 developers, 1871 lines changed

On the week starting on Monday, December 23, 2013, the code that was impacted by this vulnerability had 3 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

998 insertions, and
873 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

December 16th 2013, 4:00 am

1 commit by 1 developers, 71 lines changed

On the week starting on Monday, December 16, 2013, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

42 insertions, and
29 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

December 16th 2013, 4:00 am

1 new developer(s)

On the week of Monday, December 16, 2013, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

December 9th 2013, 4:00 am

9 commits by 6 developers, 4791 lines changed

On the week starting on Monday, December 09, 2013, the code that was impacted by this vulnerability had 9 commit(s) by 6 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

3051 insertions, and
1740 deletions

Impacting a total of 5 source code file(s). The impacted files were:

person

December 9th 2013, 4:00 am

2 new developer(s)

On the week of Monday, December 09, 2013, 2 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

December 2nd 2013, 4:00 am

2 commits by 2 developers, 637 lines changed

On the week starting on Monday, December 02, 2013, the code that was impacted by this vulnerability had 2 commit(s) by 2 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

339 insertions, and
298 deletions

Impacting a total of 2 source code file(s). The impacted files were:

assignment

November 25th 2013, 4:00 am

4 commits by 4 developers, 541 lines changed

On the week starting on Monday, November 25, 2013, the code that was impacted by this vulnerability had 4 commit(s) by 4 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

292 insertions, and
249 deletions

Impacting a total of 2 source code file(s). The impacted files were:

person

November 25th 2013, 4:00 am

1 new developer(s)

On the week of Monday, November 25, 2013, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

November 18th 2013, 4:00 am

4 commits by 4 developers, 553 lines changed

On the week starting on Monday, November 18, 2013, the code that was impacted by this vulnerability had 4 commit(s) by 4 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

281 insertions, and
272 deletions

Impacting a total of 1 source code file(s). The impacted files were:

person

November 18th 2013, 4:00 am

3 new developer(s)

On the week of Monday, November 18, 2013, 3 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

healing

November 18th 2013, 4:00 am

1 refactor commit(s)

On the week of Monday, November 18, 2013, 1 commits mention the word "Refactor".

Read more about refactoring

assignment

November 11th 2013, 4:00 am

5 commits by 5 developers, 3105 lines changed

On the week starting on Monday, November 11, 2013, the code that was impacted by this vulnerability had 5 commit(s) by 5 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1759 insertions, and
1346 deletions

Impacting a total of 4 source code file(s). The impacted files were:

person

November 11th 2013, 4:00 am

1 new developer(s)

On the week of Monday, November 11, 2013, 1 developer(s) committed to this code, and they have never committed to this code before.

Learn more at Lesson: Too Many Cooks

assignment

November 4th 2013, 4:00 am

1 commit by 1 developers, 3384 lines changed

On the week starting on Monday, November 04, 2013, the code that was impacted by this vulnerability had 1 commit(s) by 1 different developer(s), including 0 drive-by committer(s).

The commit had :notes~churn: lines changed.

1692 insertions, and
1692 deletions

Impacting a total of 1 source code file(s). The impacted files were:

report_problem

October 28th 2013, 9:50 pm

Vulnerability-contributing commit for CVE-2016-1625: Refactored ChromeViewHostMsg_SearchBoxNavigate IPC message related code.

A vulnerability-contributing commit (VCC) occurred here. This means that a curator identified this commit as (one of) the possible origins of this vulnerability.

This VCC had:

161 insertions, and
173 deletions

Thus it had a total raw churn of 334.

Here was the commit message.

Learn more about this commit

Learn more about vulnerability-contributing commits.

expand_less

CVE-2016-1625 aka NTP Tabnab

There are no articles here... yet

Timeline

1 commit by 1 developers, 92 lines changed

1 commit by 1 developers, 92 lines changed

1 revert commit(s)

1 commit by 1 developers, 92 lines changed

1 new developer(s)

1 commit by 1 developers, 7425 lines changed

1 commit by 1 developers, 363 lines changed

1 commit by 1 developers, 78030 lines changed

1 commit by 1 developers, 8101 lines changed

2 commits by 1 developers, 2960 lines changed

1 commit by 1 developers, 448 lines changed

1 commit by 1 developers, 158 lines changed

1 new developer(s)

3 commits by 2 developers, 177 lines changed

1 revert commit(s)

1 commit by 1 developers, 28 lines changed

1 new developer(s)

1 commit by 1 developers, 21 lines changed

1 new developer(s)

1 commit by 1 developers, 23 lines changed

3 commits by 3 developers, 39349 lines changed

3 new developer(s)

1 commit by 1 developers, 427 lines changed

1 commit by 1 developers, 4633 lines changed

1 commit by 1 developers, 3013 lines changed

2 commits by 1 developers, 803 lines changed

2 commits by 2 developers, 642 lines changed

1 commit by 1 developers, 28977 lines changed

1 new developer(s)

1 commit by 1 developers, 2687 lines changed

1 commit by 1 developers, 879 lines changed

3 commits by 2 developers, 2228 lines changed

1 new developer(s)

1 refactor commit(s)

2 commits by 1 developers, 548 lines changed

1 commit by 1 developers, 408 lines changed

1 commit by 1 developers, 998 lines changed

1 new developer(s)

1 commit by 1 developers, 296 lines changed

1 commit by 1 developers, 2 lines changed

3 commits by 3 developers, 1790 lines changed

2 new developer(s)

1 commit by 1 developers, 300 lines changed

1 new developer(s)

4 commits by 3 developers, 1208 lines changed

1 commit by 1 developers, 2 lines changed

1 new developer(s)

4 commits by 4 developers, 27239 lines changed

2 new developer(s)

1 commit by 1 developers, 2896 lines changed

1 refactor commit(s)

1 commit by 1 developers, 151 lines changed

2 commits by 1 developers, 26155 lines changed

3 commits by 2 developers, 11540 lines changed

1 new developer(s)

1 commit by 1 developers, 7 lines changed

1 new developer(s)

1 commit by 1 developers, 12 lines changed

1 new developer(s)

1 commit by 1 developers, 398 lines changed

2 commits by 2 developers, 254 lines changed

1 new developer(s)

1 commit by 1 developers, 9 lines changed

1 new developer(s)

2 commits by 2 developers, 367 lines changed

1 new developer(s)

4 commits by 2 developers, 289 lines changed

1 revert commit(s)

1 commit by 1 developers, 207 lines changed

1 new developer(s)

1 commit by 1 developers, 45 lines changed

2 commits by 1 developers, 183 lines changed

1 new developer(s)

1 refactor commit(s)

1 commit by 1 developers, 257 lines changed

3 commits by 3 developers, 356 lines changed

1 new developer(s)

CVE-2016-1625
aka NTP Tabnab