Opened 6 years ago

Last modified 14 months ago

#8534 new defect

[CHROME] Cookies can bleed to/from incognito mode

Reported by: pde Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: mikeperry, bram@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This would be an urgent bug, except for the fact that HTTPS Everywhere does not run in Chrome's incognito mode unless the user manually enables it in about:extensions.

Bram reported seeing google login state bleeding across the incognito/normal boundary.

We need to repro this, check whether it's specific to Google (Chrome has its own notion of "logged in", so that might be relevant), and fix.

Child Tickets

Change History (2)

comment:1 Changed 6 years ago by mikeperry

Turns out this appears to be an Chrome API bug. We're getting the onCookieChanged event, and the cookie we get in that event has a storeId of 0 regardless of where it comes from (Incognito or not). We then turn right around and set the secure flag on the cookie and issue a cookies.set(cookie). Since the storeId is still the default store, the cookie leaks to normal mode.

comment:2 Changed 14 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.