v1.58.4.0 fix: scope /health bootstrap token to pinned extension + patch dependency CVEs#2062
Open
Saimoguloju wants to merge 3 commits into
Open
v1.58.4.0 fix: scope /health bootstrap token to pinned extension + patch dependency CVEs#2062Saimoguloju wants to merge 3 commits into
Saimoguloju wants to merge 3 commits into
Conversation
/health handed the root AUTH_TOKEN to ANY chrome-extension:// origin, so a second extension on the same machine could scrape it and drive every browse-server endpoint (privilege escalation). Gate the extension-origin path on an exact chrome-extension://<BROWSE_EXTENSION_ID> match when the id is pinned, mirroring the existing /ws origin gate in terminal-agent.ts. Unset id = unchanged behavior, so this is opt-in tightening, not a break. Adds a regression test pinning the gate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
bun audit flagged 37 advisories. Bump the direct deps we control (@anthropic-ai/sdk 0.78.0->0.91.1 insecure file perms, diff 7->8 parsePatch DoS) and refresh transitive deps within range. Add a non-blocking dependency-audit workflow so new CVEs surface on every PR (CI watched our code but never the third-party tree). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Merging to
After your PR is submitted to the merge queue, this comment will be automatically updated with its status. If the PR fails, failure details will also be posted here |
Author
|
trunk merge below. |
Contributor
|
@16francej — recommend closing this PR as superseded by #2226. Unresolved security problems remain, and the branch also combines unrelated dependency and release changes; #2226 owns the complete local-auth and legacy-profile migration. Preserve #2062’s authentication-hardening attribution in #2226, and move any still-current dependency remediation to a separate compatibility-reviewed change. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Two related daemon-security fixes:
/healthtoken leak (privilege escalation)./healthreturned theroot
AUTH_TOKENto any caller with achrome-extension://Origin,regardless of which extension. On a multi-extension machine a second
extension could scrape it and drive every browse-server endpoint. The
extension-origin path now requires an exact
chrome-extension://<BROWSE_EXTENSION_ID>match when the id is pinned,mirroring the existing
/wsorigin gate interminal-agent.ts.Backward-compatible: unset id = unchanged behavior.
Dependency CVEs.
bun auditflagged 37 advisories. Patched the directdeps we control (
@anthropic-ai/sdk0.78.0 → 0.91.1 insecure file perms,diff7 → 8 parsePatch DoS) and refreshed transitive deps within range.Added a non-blocking
dependency-auditCI workflow so new CVEs surface atreview time.
Why
The
/healthbehavior is a real, exploitable privilege-escalation path onshared/multi-extension machines (it was already filed internally as a deferred
P2). The remaining transitive advisories live behind pinned upstream packages
and are documented as follow-up.
Testing
bun test browse/test/server-auth.test.ts— 39/39 pass (added a regressiontest pinning the extension-id gate).
bun auditbefore/after confirms the two direct-dep CVEs are cleared.Notes
BROWSE_EXTENSION_IDis set.