(CVE-2023-26081) Don't autofill passwords in sandboxed contexts (!1275) · Merge requests · GNOME / Epiphany

Michael Catanzaro requested to merge mcatanzaro/unsandboxed-password-manager into master Feb 03, 2023

If using the sandbox CSP or iframe tag, the web content is supposed to be not trusted by the main resource origin. Therefore, we'd better disable the password manager entirely so the untrusted web content cannot exfiltrate passwords.

https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x

(CVE-2023-26081) Don't autofill passwords in sandboxed contexts

Merge request reports