Google Git
Sign in
chromium / chromium / src / 4c9cc9de3bcd1c0919975384ea0ee97f994777a0
commit4c9cc9de3bcd1c0919975384ea0ee97f994777a0[log] [tgz]
authorAlex Moshchuk <alexmos@chromium.org>Tue Sep 30 19:21:49 2025
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Sep 30 19:21:49 2025
tree61b499f2fbaf33d66d243ae48124b45901854d57
parent81a154c4d08b5205bb010d84046a28716c9fec86 [diff]
Enable `kCommittedOriginEnforcements` by default.

This enables committed origin enforcements by default. These
enforcements will now be used instead of jail/citadel enforcements for
performing all ChildProcessSecurityPolicy::CanAccessOrigin checks,
except those that check whether a new origin can be committed into a
process (which still requires the old-style checks). The feature is kept
around as a kill switch.

Note that some known discrepancies between old and new checks were
investigated in https://crbug.com/441327472 and ultimately determined
not to be blockers for launching this feature. Most of them are
suspected to be caused by bugs in jail/citadel enforcements, where the
new enforcements will likely prevent renderer kills on legitimate sites.
One case (https://crbug.com/447555061, involving push messaging in
certain same-site cross-origin cases) might be introducing new renderer
kills, where it's not yet clear whether it's a bug or a security
improvement, but its volume is very small, much much smaller than
the renderer kills we're fixing, resulting in a good trade-off.

Mismatches between the new and old checks will continue to generate
DumpWithoutCrashing reports even with kCommittedOriginEnforcements
enabled. This will allow us to continue tracking and investigating the
remaining mismatches between the two checks.

Enabled-by-default-reason: launching
Bug: 40148776
Change-Id: I89f888c54fd187bf78057607866be31e100cc1ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6975176
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1523056}
1 file changed
tree: 61b499f2fbaf33d66d243ae48124b45901854d57
  1. .gemini/
  2. .github/
  3. agents/
  4. android_webview/
  5. apps/
  6. ash/
  7. base/
  8. build/
  9. build_overrides/
  10. buildtools/
  11. cc/
  12. chrome/
  13. chromecast/
  14. chromeos/
  15. codelabs/
  16. components/
  17. content/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. fuchsia_web/
  24. gin/
  25. google_apis/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. media/
  32. mojo/
  33. net/
  34. pdf/
  35. printing/
  36. remoting/
  37. rlz/
  38. sandbox/
  39. services/
  40. skia/
  41. sql/
  42. storage/
  43. styleguide/
  44. testing/
  45. third_party/
  46. tools/
  47. ui/
  48. url/
  49. webkit/
  50. clank
  51. clusterfuzz-data
  52. internal
  53. ios_internal
  54. signing_keys
  55. v8
  56. .clang-format
  57. .clang-tidy
  58. .clangd
  59. .cursorignore
  60. .geminiignore
  61. .git-blame-ignore-revs
  62. .gitallowed
  63. .gitattributes
  64. .gitignore
  65. .gitmodules
  66. .gn
  67. .mailmap
  68. .rustfmt.toml
  69. .vpython3
  70. .yapfignore
  71. ATL_OWNERS
  72. AUTHORS
  73. BUILD.gn
  74. CODE_OF_CONDUCT.md
  75. codereview.settings
  76. CPPLINT.cfg
  77. CRYPTO_OWNERS
  78. DEPS
  79. DIR_METADATA
  80. LICENSE
  81. LICENSE.chromium_os
  82. OWNERS
  83. PRESUBMIT.py
  84. PRESUBMIT_test.py
  85. PRESUBMIT_test_mocks.py
  86. README.md
  87. SECURITY_OWNERS
  88. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.