Updates:
Cc: [email protected]
Comment #21 on issue 27431 by [email protected]: Special extension
install mode for gallery
http://code.google.com/p/chromium/issues/detail?id=27431
I think we could be more confident in the overall security if we limit the
scope of what the gallery is being given
permission to do. Here's the flow I'd prefer:
1. Gallery tells Chrome, hey install extension with ID foo.
2. Chrome asks Omaha (whose URL is hard-coded in Chrome), hey give me the
extension with ID foo. This request can be
insecure.
3. Chrome compares the ID of the blob it got with foo. If they match, the
blob is installed.
Otherwise, if we automatically trust any url given by the gallery, I
foresee these vulnerabilities:
1. We plan to let extension authors add links from their descriptions.
Suppose their link was a direct link to a
.crx file? As I understand it, it would get silently installed as is.
2. Suppose something went wrong in a chrome release and we accidentally
treated all websites as gallery-trusted.
With the current implementation, someone could install any extension on
anyone's machine. In my flow, users would
only be able to install gallery-hosted extensions.
Googlers can see slide 5 of this presentation for more details:
https://docs.google.com/a/google.com/present/edit?
id=0AbMzvUOAVS0SY2Z3emhoaDdfMTFnZmZ4NThndg&hl=en
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
