ubuntu-webapps-bugs team mailing list archive

[Chris Coulson <chris.coulson@xxxxxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

When investigating behavioural differences between Firefox, Chrome and
Oxide, I realized that it looks like we currently don't support Chrome's
CRLSets (https://dev.chromium.org/Home/chromium-security/crlsets), as
this depends on Chrome's component updater.

We do enable support for CRL checking / OCSP in Oxide (which is disabled
in Chrome), so we currently behave much like Firefox.

** Affects: oxide
     Importance: High
     Assignee: Chris Coulson (chrisccoulson)
         Status: Triaged

** Information type changed from Public to Public Security

** Changed in: oxide
   Importance: Undecided => High

** Changed in: oxide
       Status: New => Triaged

** Changed in: oxide
     Assignee: (unassigned) => Chris Coulson (chrisccoulson)

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1402631

Title:
  Add support for Chrome's CRLSets

Status in Oxide Webview:
  Triaged

Bug description:
  When investigating behavioural differences between Firefox, Chrome and
  Oxide, I realized that it looks like we currently don't support
  Chrome's CRLSets (https://dev.chromium.org/Home/chromium-
  security/crlsets), as this depends on Chrome's component updater.

  We do enable support for CRL checking / OCSP in Oxide (which is
  disabled in Chrome), so we currently behave much like Firefox.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1402631/+subscriptions