Did not store passwords

Bug #743494 reported by EricDHH on 2011-03-27
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Chromium Browser
Unknown
Unknown
chromium-browser (Ubuntu)
High
Fabien Tassin
Natty
High
Fabien Tassin

Bug Description

WORKAROUND:
Google has instructions for recovering passwords here:
http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=1230517
According to the upstream bug, you might need to specify --password-store=gnome instead of --password-store=detect if the former doesn't work.

--------------------------------------------------

Binary package hint: chromium-browser

10.0.648.204 (79063) Ubuntu 11.04

This updated version lost all passwords that were saved in earlier versions. Newly entered passwords are only remembered until the browser is closed once, then they are lost. The password storage is broken completely within this version.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: chromium-browser 10.0.648.204~r79063-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-7.39-generic 2.6.38
Uname: Linux 2.6.38-7-generic i686
Architecture: i386
Date: Sun Mar 27 09:29:40 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110318)
ProcEnviron:
 LANGUAGE=de_DE:en
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: chromium-browser
UpgradeStatus: Upgraded to natty on 2011-03-25 (2 days ago)
chromium-default: CHROMIUM_FLAGS=""

EricDHH (ericdhh) wrote :
Micah Gersten (micahg) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments at: http://code.google.com/p/chromium/issues/detail?id=77328
Please report any other issues you may find.

Changed in chromium-browser (Ubuntu):
importance: Undecided → High
status: New → Triaged
tags: added: regression-release
Micah Gersten (micahg) wrote :

Targeting to natty-updates since this won't be fixed before release.

Changed in chromium-browser (Ubuntu Natty):
milestone: none → natty-updates
description: updated
Elliot Glaysher (glaysher) wrote :

This is a theoretical fix to the deadlock issue which should make it onto the M12 branch (http://codereview.chromium.org/6878038/). It is not entirely tested (and there's currently a weird crash regression in the sync code on trunk right now). I'd like to hammer on it a little bit more before I'd feel comfortable suggesting that it be backported to M11 (where it won't be), but it is being worked on upstream.

Elliot Glaysher (glaysher) wrote :

The problem has theoretically been fixed on and for the M12 branch.

It has not been fixed for M11 (and won't be) and can't be backported to M10. Attached is a combined fix that I've tested on the M11 branch; it should apply cleanly.

Fabien Tassin (fta) wrote :

Excellent. Thanks!

Actions for me:
- land the patch in -beta
- grab the detection part of the fix from trunk and land it in -dev

and wait for -stable to reach M11.

tags: added: patch
Fabien Tassin (fta) on 2011-04-26
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.57~r82915-0ubuntu0.10.04.1

---------------
chromium-browser (11.0.696.57~r82915-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New Major upstream release from the Stable Channel (LP: #771935)
    This release fixes the following security issues:
    + WebKit issues:
      - [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
        Credit to Scott Hess of the Chromium development community and Martin
        Barbella.
      - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
        Chamal De Silva.
      - [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
        Credit to Kostya Serebryany of the Chromium development community.
      - [73526] High, CVE-2011-1437: Integer overflows in float rendering.
        Credit to miaubiz.
      - [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
        Credit to kuzzcc.
      - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
        Credit to Jose A. Vazquez.
      - [75347] High, CVE-2011-1441: Bad cast with floating select lists.
        Credit to Michael Griffiths.
      - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
        Credit to Sergey Glazunov and wushi of team 509.
      - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
        Martin Barbella.
      - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
        wushi of team509.
      - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
        with navigation errors and interrupted loads. Credit to kuzzcc.
      - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
        Credit to miaubiz.
      - [77130] High, CVE-2011-1448: Stale pointer in height calculations.
        Credit to wushi of team509.
      - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
        Marek Majkowski.
      - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
        Sergey Glazunov.
      - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
        to Sergey Glazunov.
    + Chromium issues:
      - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
        Credit to Aki Helin.
      - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
        capture local files. Credit to Cole Snodgrass.
      - [72910] Low, CVE-2011-1436: Possible browser crash due to bad
        interaction with X. Credit to miaubiz.
      - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
        to Dan Rosenberg.
      - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
        to kuzzcc.
      - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
        reload. Credit to Jordi Chancel.
      - [74763] High, CVE-2011-1439: Prevent interference between renderer
        processes. Credit to Julien Tinnes of the Google Security Team.
  * Fix the password store regression from the last Chromium 10 update.
    Backport from trunk provided by Elliot Glaysher from...


Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.57~r82915-0ubuntu0.11.04.1

---------------
chromium-browser (11.0.696.57~r82915-0ubuntu0.11.04.1) natty-security; urgency=high

  * New Major upstream release from the Stable Channel (LP: #771935)
    This release fixes the following security issues:
    + WebKit issues:
      - [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
        Credit to Scott Hess of the Chromium development community and Martin
        Barbella.
      - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
        Chamal De Silva.
      - [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
        Credit to Kostya Serebryany of the Chromium development community.
      - [73526] High, CVE-2011-1437: Integer overflows in float rendering.
        Credit to miaubiz.
      - [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
        Credit to kuzzcc.
      - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
        Credit to Jose A. Vazquez.
      - [75347] High, CVE-2011-1441: Bad cast with floating select lists.
        Credit to Michael Griffiths.
      - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
        Credit to Sergey Glazunov and wushi of team 509.
      - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
        Martin Barbella.
      - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
        wushi of team509.
      - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
        with navigation errors and interrupted loads. Credit to kuzzcc.
      - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
        Credit to miaubiz.
      - [77130] High, CVE-2011-1448: Stale pointer in height calculations.
        Credit to wushi of team509.
      - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
        Marek Majkowski.
      - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
        Sergey Glazunov.
      - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
        to Sergey Glazunov.
    + Chromium issues:
      - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
        Credit to Aki Helin.
      - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
        capture local files. Credit to Cole Snodgrass.
      - [72910] Low, CVE-2011-1436: Possible browser crash due to bad
        interaction with X. Credit to miaubiz.
      - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
        to Dan Rosenberg.
      - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
        to kuzzcc.
      - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
        reload. Credit to Jordi Chancel.
      - [74763] High, CVE-2011-1439: Prevent interference between renderer
        processes. Credit to Julien Tinnes of the Google Security Team.
  * Fix the password store regression from the last Chromium 10 update.
    Backport from trunk provided by Elliot Glaysher from...


Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released