/[chrome]
Chromium logo

Revision 237115


Jump to revision: Previous Next
Author: guohui@chromium.org
Date: Mon Nov 25 19:12:18 2013 UTC (9 years, 5 months ago)
Changed paths: 4
Log Message:
Security fix for untrusted signin confirm dialog

When the window associated with the confirm dialog is closed without user clicking 'ok got it', chrome starts sync with default settings. This could be exploited to sign a user's Chrome into an attacker's account, as reported in crbug 321940.

BUG=321940

Review URL: https://codereview.chromium.org/79553004

Changed paths

Path Details
Directorytrunk/src/chrome/browser/ui/cocoa/one_click_signin_dialog_controller_browsertest.mm modified , text changed
Directorytrunk/src/chrome/browser/ui/cocoa/one_click_signin_view_controller.mm modified , text changed
Directorytrunk/src/chrome/browser/ui/views/sync/one_click_signin_bubble_view.cc modified , text changed
Directorytrunk/src/chrome/browser/ui/views/sync/one_click_signin_bubble_view_unittest.cc modified , text changed

Properties

Name Value
commit-bot commit-bot@chromium.org

Powered by ViewVC 1.1.26 ViewVC Help