block window.ethereum completely in 3p iframes #22686

Closed
diracdeltas opened this issue May 4, 2022 · 3 comments · Fixed by brave/brave-core#13268
Labels: feature/web3/wallet (Integrating Ethereum+ wallet support), OS/Android (Fixes related to Android browser functionality), OS/Desktop, priority/P2 (A bad problem. We might uplift this to the next planned release.), QA Pass-Linux, QA Pass-macOS, QA Pass-Win64, QA/Test-Plan-Specified, QA/Yes, release-notes/include, security

Comments

@diracdeltas
Member

see https://bravesoftware.slack.com/archives/C023VS4HJ6Q/p1651599186158609?thread_ts=1651594604.627819&cid=C023VS4HJ6Q for details

@kjozwiak
Member

The above will require 1.39.101 or higher for 1.39.x verification.

@srirambv
Contributor

Brave: 1.39.101 Chromium: 101.0.4951.64 (Official Build) beta (64-bit)
Revision: d1daa9897e1bc1d507d6be8f2346e377e5505905-refs/branch-heads/4951@{#1208}
OS:
 - ☑️ Linux
 - ☑️ Windows 11 Version Dev (Build 22616.1)
 - ☑️ macOS Version 12.0.1 (Build 21C52)

Same origin:
 - 22686-Same.Origin.Linux.mp4
 - 22686-Same.Origin.Win.mov
 - 22686-Same.Origin.macOS.mov

Third party origin:
 - 22686-Third.Party.Origin.Linux.mp4
 - 22686-Third.Party.Origin.Win.mov
 - 22686-Third.Party.Origin.macOS.mov

avinassh pushed a commit to avinassh/brave-browser-hardening that referenced this issue May 29, 2022
 - Added Solana support for account creation, sending SOL and sending SPL tokens with Brave Wallet. ([#22348](brave/brave-browser#22348))
 - Added the ability to buy with Ramp using Brave Wallet. ([#21639](brave/brave-browser#21639))
 - Added JSONSanitizer to API helper requests for Brave Wallet. ([#21831](brave/brave-browser#21831))
 - Added Dapp UI for requesting a public key and for decrypting ciphers using Brave Wallet. ([#21177](brave/brave-browser#21177))
 - Added web3_clientVersion support for Brave Wallet. ([#19278](brave/brave-browser#19278))
 - Added the ability to allow users to search sites for RSS feeds for Brave News. ([#21768](brave/brave-browser#21768))
 - Added support for blob partitioning. ([#21746](brave/brave-browser#21746))
 - Added minimum macOS version for Sparkle update process. ([#22918](brave/brave-browser#22918))
 - [Security] Blocked "window.ethereum" completely in third party iframes. ([#22686](brave/brave-browser#22686))
 - [Security] Updated Brave Wallet panel to prominently display eTLD+1 as reported on HackerOne by renekroka. ([#21787](brave/brave-browser#21787))
 - [Security] Fixed incorrect origin being displayed in Brave Wallet when a spend approval is pending. ([#19557](brave/brave-browser#19557))
 - Implemented eth_getEncryptionPublicKey for Brave Wallet. ([#19276](brave/brave-browser#19276))
 - Implemented account discovery when restoring Brave Wallet. ([#18104](brave/brave-browser#18104))
 - Updated Omaha installer version for Windows to v1.3.36.113. ([#22060](brave/brave-browser#22060))
 - Updated default IPFS configuration values. ([#22068](brave/brave-browser#22068))
 - Updated Gas Limit validation and error messaging for unapproved transactions with Brave Wallet. ([#21714](brave/brave-browser#21714))
 - Updated Brave Wallet to automatically add swap taker asset to the visible asset list. ([#21428](brave/brave-browser#21428))
 - Updated Brave Wallet portfolio network filter for multichain support. ([#20780](brave/brave-browser#20780))
 - Reduced adblock filter memory usage by optimizing unused regex rules. ([#21970](brave/brave-browser#21970))
 - Removed known Dialog Insight user tracking parameters from URLs. ([#22082](brave/brave-browser#22082))
 - Removed ability to swap ERC721 tokens with Brave Wallet. ([#21550](brave/brave-browser#21550))
 - Fixed crash which occurred when opening Brave Shields while using Google Meet. ([#22814](brave/brave-browser#22814))
 - Fixed inability to rename Solana account in Brave Wallet after it has been created. ([#22958](brave/brave-browser#22958))
 - Fixed incorrectly computed insufficient funds errors in Brave Wallet. ([#22877](brave/brave-browser#22877))
 - Fixed ERC20 and ERC721 transfers being incorrectly displayed as ETH transfers in the Brave Wallet transactions panel. ([#22044](brave/brave-browser#22044))
 - Fixed text alignment issues under the Brave Wallet "Recent transactions" panel when using long account names. ([#21216](brave/brave-browser#21216))
 - Fixed breakage in webpack build caused by OpenSSL 3.0. ([#22305](brave/brave-browser#22305))
 - Fixed two windows being opened on launch when the browser was installed without administrator privileges on Windows. ([#22179](brave/brave-browser#22179))
 - Upgraded Chromium to 102.0.5005.61. ([#22923](brave/brave-browser#22923)) ([Changelog for 102.0.5005.61](https://chromium.googlesource.com/chromium/src/+log/101.0.4951.67..102.0.5005.61?pretty=fuller&n=1000))
@bbondy
Member

bbondy commented May 30, 2022

This is causing ImmutableX Dapp to stop working on all channels: #23142
