Skip to content

Commit 27545e3

Browse files
danilsomsikovmibrunin
danilsomsikov
authored and
mibrunin
committed
[Backport] CVE-2025-0443: Insufficient data validation in Extensions
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/5987430: Protect canAccessResource in DevTools API form prototype pollution Bug: 376625003 Change-Id: Ib07a65da8f342c4727bceb6afcbd920bcfd07b81 Reviewed-on: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/5987430 Reviewed-by: Philip Pfaffe <[email protected]> Commit-Queue: Danil Somsikov <[email protected]> Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/619214 Reviewed-by: Anu Aliyas <[email protected]>
1 parent 00a1e9e commit 27545e3

File tree

1 file changed

+9
-1
lines changed
  • chromium/third_party/devtools-frontend/src/front_end/models/extensions

1 file changed

+9
-1
lines changed

chromium/third_party/devtools-frontend/src/front_end/models/extensions/ExtensionAPI.ts

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1172,9 +1172,17 @@ self.injectedExtensionAPI = function(
11721172
this.onRecordingStopped = new (Constructor(EventSink))(PrivateAPI.Events.RecordingStopped + id);
11731173
}
11741174

1175+
const protocolGet = Object.getOwnPropertyDescriptor(URL.prototype, 'protocol')?.get;
1176+
function getProtocol(url: string): string {
1177+
if (!protocolGet) {
1178+
throw new Error('URL.protocol is not available');
1179+
}
1180+
return protocolGet.call(new URL(url));
1181+
}
1182+
11751183
function canAccessResource(resource: APIImpl.ResourceData): boolean {
11761184
try {
1177-
return extensionInfo.allowFileAccess || (new URL(resource.url)).protocol !== 'file:';
1185+
return extensionInfo.allowFileAccess || getProtocol(resource.url) !== 'file:';
11781186
} catch (e) {
11791187
return false;
11801188
}

0 commit comments

Comments
 (0)