Loading CHANGELOG.md +4 −0 Original line number Diff line number Diff line # 85.0.4183.110 * hardening against incognito mode detection * fix background playback issue (fixes https://github.com/bromite/bromite/issues/734) # 85.0.4183.94 * disable the DIAL repeating discovery * removed patch for session-only cookies support Loading build/RELEASE +1 −1 Original line number Diff line number Diff line 85.0.4183.94 85.0.4183.110 build/bromite_patches_list.txt +1 −0 Original line number Diff line number Diff line Loading @@ -148,3 +148,4 @@ Disable-the-DIAL-repeating-discovery.patch Timezone-customization.patch Block-all-connection-requests-with-qjz9zk-in-the-domain-name-or-with-a-trk-scheme.patch Automated-domain-substitution.patch Hardening-against-incognito-mode-detection.patch build/patches/Hardening-against-incognito-mode-detection.patch 0 → 100644 +33 −0 Original line number Diff line number Diff line From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Sat, 5 Sep 2020 21:38:15 +0200 Subject: Hardening against incognito mode detection --- storage/browser/quota/quota_features.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/storage/browser/quota/quota_features.cc b/storage/browser/quota/quota_features.cc --- a/storage/browser/quota/quota_features.cc +++ b/storage/browser/quota/quota_features.cc @@ -27,15 +27,15 @@ const base::Feature kQuotaUnlimitedPoolSize{"QuotaUnlimitedPoolSize", // IncognitoDynamicQuota enables dynamic assignment of quota to incognito mode // based on the physical memory size and removes the fixed upper cap for it. const base::Feature kIncognitoDynamicQuota{"IncognitoDynamicQuota", - base::FEATURE_DISABLED_BY_DEFAULT}; + base::FEATURE_ENABLED_BY_DEFAULT}; // Dynamic quota for incognito mode would be set by a random fraction of // physical memory, between |IncognitoQuotaRatioLowerBound| and // |IncognitoQuotaRatioUpperBound|. constexpr base::FeatureParam<double> kIncognitoQuotaRatioLowerBound{ - &kIncognitoDynamicQuota, "IncognitoQuotaRatioLowerBound", 0.1}; + &kIncognitoDynamicQuota, "IncognitoQuotaRatioLowerBound", 0.15}; constexpr base::FeatureParam<double> kIncognitoQuotaRatioUpperBound{ - &kIncognitoDynamicQuota, "IncognitoQuotaRatioUpperBound", 0.2}; + &kIncognitoDynamicQuota, "IncognitoQuotaRatioUpperBound", 0.3}; } // namespace features } // namespace storage -- 2.17.1 build/patches/Inject-scripts-for-AMP-tracking-ads-and-video.patch +1 −1 Original line number Diff line number Diff line Loading @@ -155,7 +155,7 @@ new file mode 100644 +#ifndef video_bg_play_h +#define video_bg_play_h + +#define VIDEO_BG_PLAY_JS "'use strict';\n\nconst IS_YOUTUBE = window.location.hostname.search(/(?:^|.+\\.)youtube.com/) > -1 ||\n window.location.hostname.search(/(?:^|.+\\.)youtube-nocookie.com/) > -1;\nconst IS_MOBILE_YOUTUBE = window.location.hostname == 'm.youtube.com';\nconst IS_VIMEO = window.location.hostname.search(/(?:^|.+\\.)vimeo.com/) > -1;\n\n/* video background play fix - based on https://github.com/mozilla/video-bg-play */\ndocument.wrappedJSObject = {};\n\n// Page Visibility API\nObject.defineProperties(document.wrappedJSObject,\n { 'hidden': {value: false}, 'visibilityState': {value: 'visible'} });\n\nwindow.addEventListener(\n 'visibilitychange', evt => evt.stopImmediatePropagation(), true);\n\n// Fullscreen API\nif (IS_VIMEO) {\n window.addEventListener(\n 'fullscreenchange', evt => evt.stopImmediatePropagation(), true);\n}\n\n// User activity tracking\nif (IS_YOUTUBE) {\n const refreshInterval = 2 + 3 * 60 * 1000; // every 3 minutes\n waitForYoutubeLactInit(() => refreshLact(), refreshInterval);\n}\n\nfunction waitForYoutubeLactInit(aCallback, aCallbackInterval, aDelay) {\n let pageWin = document.wrappedJSObject;\n if (pageWin.hasOwnProperty('_lact')) {\n window.setInterval(aCallback, aCallbackInterval);\n } else {\n window.setTimeout(() => waitForYoutubeLactInit(aCallback,\n aCallbackInterval,\n aDelay * 2),\n aDelay);\n }\n}\n\nfunction refreshLact() {\n document.wrappedJSObject._lact = Date.now();\n}\n" +#define VIDEO_BG_PLAY_JS "'use strict';\n\nconst IS_YOUTUBE = window.location.hostname.search(/(?:^|.+\\.)youtube.com/) > -1 ||\n window.location.hostname.search(/(?:^|.+\\.)youtube-nocookie.com/) > -1;\nconst IS_MOBILE_YOUTUBE = window.location.hostname == 'm.youtube.com';\nconst IS_VIMEO = window.location.hostname.search(/(?:^|.+\\.)vimeo.com/) > -1;\n\n/* video background play fix - based on https://github.com/mozilla/video-bg-play */\ndocument.wrappedJSObject = {};\n\n// Page Visibility API\nObject.defineProperties(document.wrappedJSObject,\n { 'hidden': {value: false}, 'visibilityState': {value: 'visible'} });\n\nwindow.addEventListener(\n 'visibilitychange', evt => evt.stopImmediatePropagation(), true);\n\n// Fullscreen API\nif (IS_VIMEO) {\n window.addEventListener(\n 'fullscreenchange', evt => evt.stopImmediatePropagation(), true);\n}\n\nfunction activityRefresh() {\n if (window.hasOwnProperty('_lact')) {\n window._lact = Date.now();\n }\n window.setTimeout(activityRefresh, 3100 + Math.round(Math.random()*9000));\n}\n\n// User activity tracking\nif (IS_YOUTUBE) {\n window.setTimeout(activityRefresh, 2000 + Math.round(Math.random()*2000));\n}\n" + +#endif // video_bg_play_h diff --git a/third_party/blink/renderer/core/html/html_script_element.cc b/third_party/blink/renderer/core/html/html_script_element.cc Loading Loading
CHANGELOG.md +4 −0 Original line number Diff line number Diff line # 85.0.4183.110 * hardening against incognito mode detection * fix background playback issue (fixes https://github.com/bromite/bromite/issues/734) # 85.0.4183.94 * disable the DIAL repeating discovery * removed patch for session-only cookies support Loading
build/bromite_patches_list.txt +1 −0 Original line number Diff line number Diff line Loading @@ -148,3 +148,4 @@ Disable-the-DIAL-repeating-discovery.patch Timezone-customization.patch Block-all-connection-requests-with-qjz9zk-in-the-domain-name-or-with-a-trk-scheme.patch Automated-domain-substitution.patch Hardening-against-incognito-mode-detection.patch
build/patches/Hardening-against-incognito-mode-detection.patch 0 → 100644 +33 −0 Original line number Diff line number Diff line From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Sat, 5 Sep 2020 21:38:15 +0200 Subject: Hardening against incognito mode detection --- storage/browser/quota/quota_features.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/storage/browser/quota/quota_features.cc b/storage/browser/quota/quota_features.cc --- a/storage/browser/quota/quota_features.cc +++ b/storage/browser/quota/quota_features.cc @@ -27,15 +27,15 @@ const base::Feature kQuotaUnlimitedPoolSize{"QuotaUnlimitedPoolSize", // IncognitoDynamicQuota enables dynamic assignment of quota to incognito mode // based on the physical memory size and removes the fixed upper cap for it. const base::Feature kIncognitoDynamicQuota{"IncognitoDynamicQuota", - base::FEATURE_DISABLED_BY_DEFAULT}; + base::FEATURE_ENABLED_BY_DEFAULT}; // Dynamic quota for incognito mode would be set by a random fraction of // physical memory, between |IncognitoQuotaRatioLowerBound| and // |IncognitoQuotaRatioUpperBound|. constexpr base::FeatureParam<double> kIncognitoQuotaRatioLowerBound{ - &kIncognitoDynamicQuota, "IncognitoQuotaRatioLowerBound", 0.1}; + &kIncognitoDynamicQuota, "IncognitoQuotaRatioLowerBound", 0.15}; constexpr base::FeatureParam<double> kIncognitoQuotaRatioUpperBound{ - &kIncognitoDynamicQuota, "IncognitoQuotaRatioUpperBound", 0.2}; + &kIncognitoDynamicQuota, "IncognitoQuotaRatioUpperBound", 0.3}; } // namespace features } // namespace storage -- 2.17.1
build/patches/Inject-scripts-for-AMP-tracking-ads-and-video.patch +1 −1 Original line number Diff line number Diff line Loading @@ -155,7 +155,7 @@ new file mode 100644 +#ifndef video_bg_play_h +#define video_bg_play_h + +#define VIDEO_BG_PLAY_JS "'use strict';\n\nconst IS_YOUTUBE = window.location.hostname.search(/(?:^|.+\\.)youtube.com/) > -1 ||\n window.location.hostname.search(/(?:^|.+\\.)youtube-nocookie.com/) > -1;\nconst IS_MOBILE_YOUTUBE = window.location.hostname == 'm.youtube.com';\nconst IS_VIMEO = window.location.hostname.search(/(?:^|.+\\.)vimeo.com/) > -1;\n\n/* video background play fix - based on https://github.com/mozilla/video-bg-play */\ndocument.wrappedJSObject = {};\n\n// Page Visibility API\nObject.defineProperties(document.wrappedJSObject,\n { 'hidden': {value: false}, 'visibilityState': {value: 'visible'} });\n\nwindow.addEventListener(\n 'visibilitychange', evt => evt.stopImmediatePropagation(), true);\n\n// Fullscreen API\nif (IS_VIMEO) {\n window.addEventListener(\n 'fullscreenchange', evt => evt.stopImmediatePropagation(), true);\n}\n\n// User activity tracking\nif (IS_YOUTUBE) {\n const refreshInterval = 2 + 3 * 60 * 1000; // every 3 minutes\n waitForYoutubeLactInit(() => refreshLact(), refreshInterval);\n}\n\nfunction waitForYoutubeLactInit(aCallback, aCallbackInterval, aDelay) {\n let pageWin = document.wrappedJSObject;\n if (pageWin.hasOwnProperty('_lact')) {\n window.setInterval(aCallback, aCallbackInterval);\n } else {\n window.setTimeout(() => waitForYoutubeLactInit(aCallback,\n aCallbackInterval,\n aDelay * 2),\n aDelay);\n }\n}\n\nfunction refreshLact() {\n document.wrappedJSObject._lact = Date.now();\n}\n" +#define VIDEO_BG_PLAY_JS "'use strict';\n\nconst IS_YOUTUBE = window.location.hostname.search(/(?:^|.+\\.)youtube.com/) > -1 ||\n window.location.hostname.search(/(?:^|.+\\.)youtube-nocookie.com/) > -1;\nconst IS_MOBILE_YOUTUBE = window.location.hostname == 'm.youtube.com';\nconst IS_VIMEO = window.location.hostname.search(/(?:^|.+\\.)vimeo.com/) > -1;\n\n/* video background play fix - based on https://github.com/mozilla/video-bg-play */\ndocument.wrappedJSObject = {};\n\n// Page Visibility API\nObject.defineProperties(document.wrappedJSObject,\n { 'hidden': {value: false}, 'visibilityState': {value: 'visible'} });\n\nwindow.addEventListener(\n 'visibilitychange', evt => evt.stopImmediatePropagation(), true);\n\n// Fullscreen API\nif (IS_VIMEO) {\n window.addEventListener(\n 'fullscreenchange', evt => evt.stopImmediatePropagation(), true);\n}\n\nfunction activityRefresh() {\n if (window.hasOwnProperty('_lact')) {\n window._lact = Date.now();\n }\n window.setTimeout(activityRefresh, 3100 + Math.round(Math.random()*9000));\n}\n\n// User activity tracking\nif (IS_YOUTUBE) {\n window.setTimeout(activityRefresh, 2000 + Math.round(Math.random()*2000));\n}\n" + +#endif // video_bg_play_h diff --git a/third_party/blink/renderer/core/html/html_script_element.cc b/third_party/blink/renderer/core/html/html_script_element.cc Loading
Aayush Gupta <theimpulson@e.email>