PSA: A few bugs in the Chromium implementation


Charles Harrison

Nov 16, 2022, 11:00:39 AM
to attribution-re...@chromium.org, John Delaney, apase...@chromium.org

Hello everyone, I wanted to bring a few issues we recently found to your attention.


1. Context-menu attributionsrc bugs 


The API currently hooks up with the context menu (e.g. right clicking on a link and opening in a new tab), so that the attributionsrc API works even in these cases. This behavior is not specified, as the context menu is browser-specific behavior. There were a few bugs recently discovered with this integration:


  1. crbug.com/1381123 (not yet fixed): Background pings are sent at context menu creation time, not at navigation time. Registration will fail if the user never navigates.

  2. crbug.com/1381480 (Fixed in M109): The foreground path registering sources on context menu clicks was broken for invalid `attributionsrc` attributes.

  3. crbug.com/1381478 (Fixed in M109): The background path for registration on context menu clicks was incorrectly sent to the current page’s URL if the `attributionsrc` attribute was empty.


The first of these bugs is proving fairly difficult to solve, as the context menu navigations are implemented in a separate process from the rest of the `attributionsrc` handling. Given that, and the fact that these navigations are not formally specified, we are considering removing support for context menu navigations.


We will collect some metrics to share and send a follow-up if we have any updates.


2. Race condition in AttributionSrcLoader (crbug.com/1374121)


The API relies on response header processing in the renderer process to extract configuration for registering sources and triggers. However, there are some cases where, for security reasons, Chrome freezes pages that are being navigated away from / unloaded, even if there are ongoing keepalive requests being handled. This means that we may lose some registrations if the request is sent out, and the page is frozen before response headers can be processed.


Currently, we don’t know the full impact of this bug, but it is likely to impact cases where registration occurs close in time to the page navigating or being closed, for instance, in cases where ad clicks navigate the current page rather than opening up a new tab.


Unfortunately, fixing this requires re-architecting some code out of the renderer process. We are designing a solution to this bug now.


Thanks all! If you want to track the status of these bugs, feel free to "star" them in the monorail UI.

Akash Nadan

Mar 24, 2023, 12:56:48 PM
to Attribution Reporting API announcements, cshar...@chromium.org, john...@chromium.org, apase...@chromium.org

Hi all, I wanted to provide an update on one of the context menu attributionsrc bugs.

  1. crbug.com/1381123: Background pings are sent at context menu creation time, not at navigation time. Registration will fail if the user never navigates.

We have decided to temporarily remove support for background pings on context menus. This means only the foreground path will be available for context menus. We found that context menus that are opened without navigating may appear as unexpected loss from the API and additionally cause a memory leak.

We are investigating various long-term solutions for this bug and will update once we have one and plan to reimplement background pings on context menus.

Thanks all!
