Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content picker security: a compromised renderer can add a rule for another host #40994

Closed
atuchin-m opened this issue Sep 11, 2024 · 2 comments
Closed

Content picker security: a compromised renderer can add a rule for another host #40994

atuchin-m opened this issue Sep 11, 2024 · 2 comments
Assignees
@atuchin-m
Labels
dev-concern feature/shields The overall Shields feature in Brave. OS/Desktop QA/No release-notes/exclude sec-low security
Milestone
1.71.x - Beta

Comments

@atuchin-m
Copy link
Contributor

Description

Open devtools and call this in release/beta Brave (without the recent changes) for Brave Extension context:

  chrome.runtime.sendMessage({
        type: 'cosmeticFilterCreate',
        selector: '.fake\ngoogle.com##div'
      })

It actually adds 2 rules instead of one.

image
@atuchin-m atuchin-m added feature/shields The overall Shields feature in Brave. security dev-concern labels Sep 11, 2024
@atuchin-m atuchin-m mentioned this issue Sep 12, 2024
Merged
24 tasks
@atuchin-m
Copy link
Contributor Author

cc @antonok-edm

@atuchin-m
Copy link
Contributor Author

the issue is resolved by brave/brave-core@c7c0f9c#r1752318532

@kjozwiak kjozwiak added this to the 1.71.x - Beta milestone Sep 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atuchin-m atuchin-m

Labels
dev-concern feature/shields The overall Shields feature in Brave. OS/Desktop QA/No release-notes/exclude sec-low security
Projects
None yet
Milestone
1.71.x - Beta
Development

No branches or pull requests
3 participants
@fmarier @kjozwiak @atuchin-m