Ubuntu
gnome-shell package

Screen reader reads the data while computer is locked

Bug #1972889 reported by Ivan Roganov on 2022-05-10

260

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	gnome-shell (Ubuntu)	Expired	Undecided	Unassigned

Bug Description

# lsb_release -rd
Description: Ubuntu 22.04 LTS
Release: 22.04

# apt-cache policy gnome-shell
gnome-shell:
  Installed: 42.0-2ubuntu1
  Candidate: 42.0-2ubuntu1
  Version table:
*** 42.0-2ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

Ubuntu is installed on a laptop. Within five minutes of inactivity, the screen lock activates and locks the system. Computer is secured. 10 minutes later, my cat (her name is Loaf) comes up to the laptop and sits down on the keyboard. This activates a screen reader. (Shortcut is Alt + Super + S)

What I've expected:
Screen reader would start reading the contents of a lock screen

What happened:
Screen reader app started reading contents of a Brave Browser window that was opened on my desktop. It read all tabs and proceeded reading the opened web page.

I've reported this bug at <email address hidden> and got the following answer:

> Nice find - I am able to reproduce this locally in Ubuntu 22.04 LTS too
> - I suspect this is a vulnerability in gnome-shell as it is
> responsible for handling the lock screen in standard Ubuntu.

As per further directions, I'm posting this bug here and in gnome repo.

P.S. I expect Loaf being credited for this find. She really likes treats.
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu82
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
DisplayManager: gdm3
DistroRelease: Ubuntu 22.04
InstallationDate: Installed on 2021-10-24 (201 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
Package: gnome-shell 42.0-2ubuntu1
PackageArchitecture: amd64
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/usr/bin/zsh
ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
RelatedPackageVersions: mutter-common 42.0-3ubuntu2
Tags: wayland-session jammy
Uname: Linux 5.15.0-27-generic x86_64
UpgradeStatus: Upgraded to jammy on 2022-04-28 (15 days ago)
UserGroups: adm cdrom dip docker libvirt lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True

See original description

Tags:

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2022-05-10:

Good job Loaf :3

information type:

Private Security → Public Security

Daniel van Vugt (vanvugt) on 2022-05-11

tags:

added: jammy

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2022-05-11:

I can't seem to reproduce the bug. In both Wayland and Xorg sessions pressing Super+Alt+S on the lock screen just reads the lock screen.

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2022-05-11:

Please run:

apport-collect 1972889

so we can see if there's anything unusual about your system.

tags:	added: a11y
Changed in gnome-shell (Ubuntu):
status:	New → Incomplete

Revision history for this message

Ivan Roganov (newarked) wrote on 2022-05-14: Dependencies.txt

Dependencies.txt Edit (23.1 KiB, text/plain)

apport information

tags:	added: apport-collected wayland-session
description:	updated

Revision history for this message

Ivan Roganov (newarked) wrote on 2022-05-14: GsettingsChanges.txt

GsettingsChanges.txt Edit (4.0 KiB, text/plain)

apport information

Revision history for this message

Ivan Roganov (newarked) wrote on 2022-05-14: ProcCpuinfoMinimal.txt

ProcCpuinfoMinimal.txt Edit (1.7 KiB, text/plain)

apport information

Revision history for this message

Ivan Roganov (newarked) wrote on 2022-05-14: ShellJournal.txt

ShellJournal.txt Edit (345.9 KiB, text/plain)

apport information

Revision history for this message

Ivan Roganov (newarked) wrote on 2022-05-14: monitors.xml.txt

monitors.xml.txt Edit (6.7 KiB, text/plain)

apport information

Revision history for this message

Ivan Roganov (newarked) wrote on 2022-05-14:

Also, I want to make sure that we did not miss this part:

Opened browser is Brave. It's a chromium-based browser, and then I would lock a computer, with this, pressing Alt+Super+S would start reading chromium interface.

Chris Guiver (guiverc) on 2022-05-14

Changed in gnome-shell (Ubuntu):
status:	Incomplete → New

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2022-05-16:

#10

Please uninstall these extensions:

'<email address hidden>',
'<email address hidden>',
'<email address hidden>',
'<email address hidden>',
'tiling-assistant@leleat-on-github'

and also run:

cd ~/.local/share/gnome-shell/
rm -rf extensions

and then log in again. Does the bug still happen?

Changed in gnome-shell (Ubuntu):
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-07-16:

#11

[Expired for gnome-shell (Ubuntu) because there has been no activity for 60 days.]

Changed in gnome-shell (Ubuntu):
status:	Incomplete → Expired

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntugnome-shell package

Screen reader reads the data while computer is locked

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
gnome-shell package