Comment #27 on issue 27431 by [email protected]: Special extension install mode for gallery http://code.google.com/p/chromium/issues/detail?id=27431
I decided to split this change into multiple patches. I've sent out the first patch for review to creis and abarth (again). The first patch implements process isolation for the gallery urls and adds a privilege bit to that process which is currently given no additional abilities.

Per the discussion here and offline with sumit and erikkay, the process isolation alone is insufficient protection inside the client. There is already code in place that marks extension downloads as dangerous in the browser process if they have a non-gallery referrer or url. I believe this takes care of the gallery pointing to an untrusted download link or vice versa. Additionally, a non-gallery url pointing to a gallery download will not be granted the silent install privilege. Additionally, there is the concern about a gallery page linking to another valid (but different) gallery extension install. The solution we arrived at for this was to verify the extension id in the crx against the expected id from the gallery page.

So, here's my read of what remains (for the client) to be done beyond process isolation:

1) Allow silent installs within the download manager for privileged gallery pages
 - Implement id checking (gallery url -> crx).
 - Do not allow silent installation for NPAPI extensions.

2) Polish the UI flow for the silent install case
 - Hide the "loading" panel for all extension installs.
 - Add undo and manage buttons to the ExtensionInstalledBubble.
 - (If possible) delay showing the download shelf for the first 1s.
