Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Desktop] [Security] BraveAutocompleteProviderClientForClassifier is leaking OTR profile data #9239

Closed
mkarolin opened this issue Apr 15, 2020 · 2 comments · Fixed by brave/brave-core#5407
Closed

[Desktop] [Security] BraveAutocompleteProviderClientForClassifier is leaking OTR profile data #9239

mkarolin opened this issue Apr 15, 2020 · 2 comments · Fixed by brave/brave-core#5407
Assignees
@simonhong
Labels
feature/autocomplete feature/private-browsing priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
1.11.x - Release #1

Comments

@mkarolin
Copy link
Contributor

mkarolin commented Apr 15, 2020
edited by bsclifton
Loading

Test plan

Description

This is a follow-up issue for brave/brave-core#5221.
See brave/brave-core#5221 (comment)

When using a Private window, BraveAutocompleteProviderClientForClassifier is likely leaking OTR autocomplete data into the regular profile.

STR: See #1758

cc: @simonhong
@diracdeltas diracdeltas added security priority/P2 A bad problem. We might uplift this to the next planned release. and removed dev-concern labels Apr 15, 2020
@simonhong
Copy link
Member

BraveAutocompleteProviderClientForClassifier is introduced to fix #1037. Original PR is brave/brave-core#757. Need to find another way to fix original issue.

@simonhong simonhong self-assigned this Apr 16, 2020
@simonhong simonhong added this to the 1.10.x - Nightly milestone Apr 28, 2020
@simonhong simonhong mentioned this issue Apr 28, 2020
Merged
32 tasks
@LaurenWags LaurenWags changed the title BraveAutocompleteProviderClientForClassifier is leaking OTR profile data. [Security] BraveAutocompleteProviderClientForClassifier is leaking OTR profile data. Jun 16, 2020
@LaurenWags
Copy link
Member

LaurenWags commented Jun 25, 2020
edited
Loading

Verified passed with

Brave | 1.11.75 Chromium: 83.0.4103.116 (Official Build) dev (64-bit)
-- | --
Revision | 8f0c18b4dca9b6699eb629be0f51810c24fb6428-refs/branch-heads/4103@{#716}
OS | macOS Version 10.14.6 (Build 18G3020)

Verification passed on


Brave | 1.11.80 Chromium: 83.0.4103.116 (Official Build) dev (64-bit)
-- | --
Revision | 8f0c18b4dca9b6699eb629be0f51810c24fb6428-refs/branch-heads/4103@{#716}
OS | Windows 10 OS Version 1903 (Build 18362.900)

Verified passed with

Brave	1.11.80 Chromium: 83.0.4103.116 (Official Build) dev (64-bit)
Revision	8f0c18b4dca9b6699eb629be0f51810c24fb6428-refs/branch-heads/4103@{#716}
OS	Linux

@rebron rebron changed the title [Security] BraveAutocompleteProviderClientForClassifier is leaking OTR profile data. [Desktop] [Security] BraveAutocompleteProviderClientForClassifier is leaking OTR profile data Jul 14, 2020
@LaurenWags LaurenWags mentioned this issue Jul 15, 2020
Closed
@emerick emerick mentioned this issue Dec 24, 2024
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simonhong simonhong

Labels
feature/autocomplete feature/private-browsing priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
1.11.x - Release #1
Development

Successfully merging a pull request may close this issue.

Use temporal AutocompleteClassifier to get proper selection navigation url brave/brave-core
6 participants
@diracdeltas @bsclifton @simonhong @LaurenWags @GeetaSarvadnya @mkarolin