Long running unload handler can cause incognito BrowserContext to be reused

Bug #1626099 reported by Chris Coulson on 2016-09-21
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Oxide
Medium
Chris Coulson
1.18
Medium
Chris Coulson

Bug Description

We discard the incognito BrowserContext when there are no more WebViews using it, but we have to delay discarding it until all render processes using it have gone away.

It's possible for a long running unload handler to keep the BrowserContext alive for long enough for it to be re-used in situations when the application should expect to get a fresh incognito BrowserContext (ie, opening an incognito WebView after closing all existing ones).

Changed in oxide:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Chris Coulson (chrisccoulson)
milestone: none → branch-1.19
Changed in oxide:
status: In Progress → Fix Released
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers