angler-fishThe Vulnerability History Project

Ensure that privates are private.

      - Remove JS code injection functionality from UtilsNativeHandler.
- Ensure that utils.expose only exposes public properties.
- Prevent privates from getting poisoned via arbitrary constructor invocations.
- Prevent privates from leaking through prototypes.

BUG=603748

Review URL: https://codereview.chromium.org/1903303002

Cr-Commit-Position: refs/heads/master@{#389292}
by Natalie the Sumatran Elephant 2016-04-22 23:16:54 UTC
commit 77e0fbe12e32b16d5c1d7c0380b45fde363004b2
Chromium Fix CVE-2016-1687
chrome/renderer/resources/extensions/automation/automation_event.js
+5 -15
chrome/renderer/resources/extensions/automation/automation_node.js
+40 -51
chrome/renderer/resources/extensions/enterprise_platform_keys/key_pair.js
+3 -11
chrome/renderer/resources/extensions/enterprise_platform_keys/subtle_crypto.js
+9 -12
chrome/renderer/resources/extensions/enterprise_platform_keys/token.js
+2 -11
chrome/renderer/resources/extensions/platform_keys/key.js
+4 -11
chrome/renderer/resources/extensions/platform_keys/subtle_crypto.js
+6 -12
chrome/renderer/resources/extensions/web_view/chrome_web_view.js
+6 -14
extensions/renderer/module_system.cc
-4
extensions/renderer/module_system_unittest.cc
-10
extensions/renderer/resources/event.js
+11 -16
extensions/renderer/resources/messaging.js
+9 -14
extensions/renderer/resources/utils.js
+16 -65
extensions/renderer/resources/web_request_internal_custom_bindings.js
+11 -14
extensions/renderer/safe_builtins.cc
+1 -1
extensions/renderer/utils_native_handler.cc
+65
extensions/renderer/utils_native_handler.h
+5
extensions/test/data/utils_unittest.js
+14 -24
expand_less