ubuntu-webapps-bugs team mailing list archive

Thread
Date

[Bug 1431484] Re: BrowserContext should not be deleted until all RenderProcessHosts using it are gone

To: ubuntu-webapps-bugs@xxxxxxxxxxxxxxxxxxx
From: Chris Coulson <chris.coulson@xxxxxxxxxxxxx>
Date: Fri, 10 Apr 2015 09:29:26 -0000
Reply-to: Bug 1431484 <1431484@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: oxide/1.6
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1431484

Title:
  BrowserContext should not be deleted until all RenderProcessHosts
  using it are gone

Status in Oxide Webview:
  Fix Released
Status in Oxide 1.5 series:
  Fix Released
Status in Oxide 1.6 series:
  Fix Released

Bug description:
  Currently Oxide keeps a BrowserContext alive as long as there are
  WebContents that are still using it (WebContents being owned by the
  WebView). However, deleting all WebContents isn't a guarantee that any
  associated RenderProcessHost instances are also deleted, as a render
  process can be kept alive by shared / service workers that are busy.
  In this case, RenderProcessHost will be left with a dangling pointer
  to its BrowserContext, resulting in a potentially exploitable use-
  after-free in the browser process.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1431484/+subscriptions