Privacy Sandbox: Check HasCommitted in helper

When responding to navigations, the Privacy Sandbox Dialog Helper did not check that the navigation had actually committed. This potentially results in accessing invalid state from the NavigationHandle. (cherry picked from commit 5b4c37b) Bug: 1316457 Change-Id: Ibb9b6736f9054a73178303475debdd5f51037096 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3593193 Reviewed-by: Martin Šrámek <msramek@chromium.org> Commit-Queue: Theodore Olsauskas-Warren <sauski@google.com> Cr-Original-Commit-Position: refs/heads/main@{#993642} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3595985 Auto-Submit: Theodore Olsauskas-Warren <sauski@google.com> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/5005@{#46} Cr-Branched-From: 5b4d945-refs/heads/main@{#992738}
chromium · Apr 20, 2022 · c5a32d9 · c5a32d9
1 parent dd500c1
commit c5a32d9
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/chrome/browser/ui/privacy_sandbox/privacy_sandbox_dialog_helper.cc b/chrome/browser/ui/privacy_sandbox/privacy_sandbox_dialog_helper.cc
@@ -48,8 +48,10 @@ void PrivacySandboxDialogHelper::DidFinishNavigation(
     return;
 
   // Only valid top frame navigations are considered.
-  if (!navigation_handle || !navigation_handle->IsInPrimaryMainFrame())
+  if (!navigation_handle || !navigation_handle->HasCommitted() ||
+      !navigation_handle->IsInPrimaryMainFrame()) {
     return;
+  }
 
   // Check whether the navigation target is a suitable dialog location. The
   // navigation URL, rather than the visible or committed URL, is required to