Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 315ac3073a08ffac128b256244e4ce12d049d4d1
      
https://github.com/WebKit/WebKit/commit/315ac3073a08ffac128b256244e4ce12d049d4d1
  Author: Pascoe <[email protected]>
  Date:   2026-06-16 (Tue, 16 Jun 2026)

  Changed paths:
    A LayoutTests/http/tests/ipc/web-authenticator-get-assertion-spoofed-origin-crash-expected.txt
    A LayoutTests/http/tests/ipc/web-authenticator-get-assertion-spoofed-origin-crash.html
    A LayoutTests/http/tests/ipc/web-authenticator-make-credential-spoofed-origin-crash-expected.txt
    A LayoutTests/http/tests/ipc/web-authenticator-make-credential-spoofed-origin-crash.html
    M LayoutTests/platform/wk2/TestExpectations
    M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp
    M Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h

  Log Message:
  -----------
  Message check security origin during webauthn calls
https://bugs.webkit.org/show_bug.cgi?id=311432
rdar://172383653

Reviewed by Charlie Wolfe.

A compromised WebContent process could spoof the securityOrigin in
FrameInfoData or the parentOrigin parameter when sending WebAuthn
MakeCredential/GetAssertion IPC messages to the UI process. This
would let an attacker page impersonate a different origin (e.g.
a bank) for credential creation or assertion.

This patch adds MESSAGE_CHECKs to prevent that.

Tests: http/tests/ipc/web-authenticator-get-assertion-spoofed-origin-crash.html
       http/tests/ipc/web-authenticator-make-credential-spoofed-origin-crash.html

* LayoutTests/http/tests/ipc/web-authenticator-get-assertion-spoofed-origin-crash-expected.txt: Added.
* LayoutTests/http/tests/ipc/web-authenticator-get-assertion-spoofed-origin-crash.html: Added.
* LayoutTests/http/tests/ipc/web-authenticator-make-credential-spoofed-origin-crash-expected.txt: Added.
* LayoutTests/http/tests/ipc/web-authenticator-make-credential-spoofed-origin-crash.html: Added.
* LayoutTests/platform/wk2/TestExpectations: Skip the WebContent-terminating
origin-spoof tests in Debug, matching the other IPC MESSAGE_CHECK tests that
crash (as expected) in debug.
* Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:
(WebKit::WebAuthenticatorCoordinatorProxy::makeCredential):
(WebKit::WebAuthenticatorCoordinatorProxy::getAssertion):
* Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.h:

Originally-landed-as: 305413.645@rapid/safari-7624.2.5.110-branch (b03dc2a73211). rdar://176059128
Canonical link: https://commits.webkit.org/315323@main
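
Added example, not part of the commit or of WebKit's code: a minimal C++ model of the kind of check the log message describes, where the privileged process compares the origins claimed in an IPC message against what it recorded itself and terminates the sender on any mismatch. All names (`Broker`, `CredentialRequest`, `didCommit`, `handle`) are hypothetical, and comparing against broker-side navigation state is an assumption, since this page does not show what the MESSAGE_CHECKs compare.

```cpp
#include <map>
#include <optional>
#include <string>
#include <utility>

// Hypothetical model; none of these types are WebKit's.
struct Origin {
    std::string scheme, host;
    int port;
    bool operator==(const Origin& o) const {
        return scheme == o.scheme && host == o.host && port == o.port;
    }
};

// Fields carried by the IPC message: all sender-controlled, so untrusted.
struct CredentialRequest {
    int frameID;
    Origin claimedOrigin;
    std::optional<Origin> claimedParentOrigin; // present for subframes
};

enum class Result { Processed, SenderTerminated };

class Broker {
    struct Frame { Origin origin; std::optional<Origin> parent; };
    std::map<int, Frame> m_frames; // written only by the broker
    bool m_senderAlive { true };
public:
    // Assumption: the broker learns origins from navigations it commits itself.
    void didCommit(int frameID, Origin origin, std::optional<Origin> parent = std::nullopt) {
        m_frames[frameID] = Frame { std::move(origin), std::move(parent) };
    }

    Result handle(const CredentialRequest& r) {
        if (!m_senderAlive)
            return Result::SenderTerminated;
        auto it = m_frames.find(r.frameID);
        bool ok = it != m_frames.end()
            && it->second.origin == r.claimedOrigin
            && it->second.parent == r.claimedParentOrigin;
        if (!ok) {
            // A mismatch is treated as proof of compromise: never "correct" the
            // value and continue, drop the message and kill the sender.
            m_senderAlive = false;
            return Result::SenderTerminated;
        }
        return Result::Processed; // only now may the authenticator be invoked
    }
    bool senderAlive() const { return m_senderAlive; }
};
```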


