ubuntu-webapps-bugs team mailing list archive
-
ubuntu-webapps-bugs team
-
Mailing list archive
-
Message #02026
[Bug 1402631] [NEW] Add support for Chrome's CRLSets
*** This bug is a security vulnerability ***
Public security bug reported:
When investigating behavioural differences between Firefox, Chrome and
Oxide, I realized that it looks like we currently don't support Chrome's
CRLSets (https://dev.chromium.org/Home/chromium-security/crlsets), as
this depends on Chrome's component updater.
We do enable support for CRL checking / OCSP in Oxide (which is disabled
in Chrome), so we currently behave much like Firefox.
** Affects: oxide
Importance: High
Assignee: Chris Coulson (chrisccoulson)
Status: Triaged
** Information type changed from Public to Public Security
** Changed in: oxide
Importance: Undecided => High
** Changed in: oxide
Status: New => Triaged
** Changed in: oxide
Assignee: (unassigned) => Chris Coulson (chrisccoulson)
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1402631
Title:
Add support for Chrome's CRLSets
Status in Oxide Webview:
Triaged
Bug description:
When investigating behavioural differences between Firefox, Chrome and
Oxide, I realized that it looks like we currently don't support
Chrome's CRLSets (https://dev.chromium.org/Home/chromium-
security/crlsets), as this depends on Chrome's component updater.
We do enable support for CRL checking / OCSP in Oxide (which is
disabled in Chrome), so we currently behave much like Firefox.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1402631/+subscriptions
Follow ups
References