Comment #24 on issue 27431 by [email protected]: Special extension install mode for gallery http://code.google.com/p/chromium/issues/detail?id=27431
@Sumit: If I understand your previous posts, your concern for XSRF is over a malicious user giving a victim a direct link to the download (the clients2.google.com site) which might silently install. However, clients2.google.com is not getting special permission; chrome.google.com/extensions is. The special permission is on the site that hosts the link to the download, not the site that serves (or redirects to) the download. If a third party site gives a direct link to clients2.google.com, the user will still be prompted for permission. Likewise, a referrer check does not help. The validation is happening too late in the process, after trust has been established.

An example of an XSRF attack would be if it were possible to create a link like: https://chrome.google.com/extensions/installnow?id=foo

The concern in vulnerability 1 above is the (trusted) gallery itself having links that point to untrusted sites.

You could say that my idea is one way to enforce a token, as you suggest. The token is simply the extension id itself. The trusted gallery presents the id to the browser, which downloads the bits and validates that the id matches.
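The check the comment proposes (the gallery hands the browser an extension id, the browser fetches the package and refuses it unless the package's key hashes to that id) can be shown in a few lines. The following is an added illustration, not code from the Chromium tree or from the comment author. It assumes the CRX2 container layout (`Cr24` magic, version 2, key length, signature length, DER public key, signature, zip payload) and the documented id derivation (SHA-256 of the DER key, first 128 bits, hex digits mapped to the letters a..p); the key and signature bytes in the sample are constructed placeholders, not real RSA material, and the signature is not verified here.

```python
import hashlib
import struct


def extension_id_from_key(der_public_key: bytes) -> str:
    """Derive a Chrome extension id: SHA-256 of the DER-encoded public key,
    keep the first 32 hex digits, map 0..f onto a..p."""
    digest = hashlib.sha256(der_public_key).hexdigest()[:32]
    return "".join(chr(ord("a") + int(h, 16)) for h in digest)


def public_key_from_crx2(crx: bytes) -> bytes:
    """Parse the assumed CRX2 header and return the embedded public key.
    Layout: b'Cr24' | u32 version | u32 key_len | u32 sig_len | key | sig | zip."""
    if len(crx) < 16 or crx[:4] != b"Cr24":
        raise ValueError("not a CRX file")
    version, key_len, sig_len = struct.unpack("<III", crx[4:16])
    if version != 2:
        raise ValueError(f"unsupported CRX version {version}")
    key_end = 16 + key_len
    if key_end + sig_len > len(crx):
        raise ValueError("truncated CRX header")
    return crx[16:key_end]


def validate_crx_id(crx: bytes, expected_id: str) -> bool:
    """The token check from the comment: the id the trusted gallery presented
    must equal the id derived from the key inside the downloaded bits.
    A package served from a redirect target with a different key fails."""
    try:
        key = public_key_from_crx2(crx)
    except ValueError:
        return False
    return extension_id_from_key(key) == expected_id


def build_crx2(public_key: bytes, signature: bytes, payload: bytes) -> bytes:
    """Assemble a CRX2 blob for the demonstration (no signing is performed)."""
    header = b"Cr24" + struct.pack("<III", 2, len(public_key), len(signature))
    return header + public_key + signature + payload


# Constructed sample input: placeholder key/signature bytes, minimal zip EOCD.
SAMPLE_KEY = b"constructed-public-key-bytes-for-demo"
SAMPLE_CRX = build_crx2(SAMPLE_KEY, b"\x00" * 8, b"PK\x05\x06" + b"\x00" * 18)
SAMPLE_ID = extension_id_from_key(SAMPLE_KEY)  # what the gallery would present

if __name__ == "__main__":
    print("gallery id:", SAMPLE_ID)
    print("matching package accepted:", validate_crx_id(SAMPLE_CRX, SAMPLE_ID))
    other = build_crx2(b"some-other-key", b"\x00" * 8, b"")
    print("different key rejected:", validate_crx_id(other, SAMPLE_ID))
```

Because the id is a hash of the signing key, a download that was swapped or redirected to a package built by someone else cannot match the id the gallery presented, which is why the comment calls the id itself the token: the decision is tied to the trusted origin that presented it, not to whatever host ultimately served the bytes.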
