fix: chrome.tabs 'url' and 'title' are privileged information (#39595)

fix: tabs url and title are privileged information

shell/browser/extensions/api/tabs/tabs_api.cc

@@ -301,6 +301,7 @@ ExtensionFunction::ResponseAction TabsQueryFunction::Run() {
 
     tabs::Tab tab;
     tab.id = contents->ID();
+    tab.title = base::UTF16ToUTF8(wc->GetTitle());
     tab.url = wc->GetLastCommittedURL().spec();
     tab.active = contents->IsFocused();
     tab.audible = contents->IsCurrentlyAudible();
@@ -322,12 +323,18 @@ ExtensionFunction::ResponseAction TabsGetFunction::Run() {
     return RespondNow(Error("No such tab"));
 
   tabs::Tab tab;
-
   tab.id = tab_id;
-  // TODO(nornagon): in Chrome, the tab URL is only available to extensions
-  // that have the "tabs" (or "activeTab") permission. We should do the same
-  // permission check here.
-  tab.url = contents->web_contents()->GetLastCommittedURL().spec();
+
+  // "title" and "url" properties are considered privileged data and can
+  // only be checked if the extension has the "tabs" permission or it has
+  // access to the WebContents's origin.
+  auto* wc = contents->web_contents();
+  if (extension()->permissions_data()->HasAPIPermissionForTab(
+          contents->ID(), mojom::APIPermissionID::kTab) ||
+      extension()->permissions_data()->HasHostPermission(wc->GetURL())) {
+    tab.url = wc->GetLastCommittedURL().spec();
+    tab.title = base::UTF16ToUTF8(wc->GetTitle());
+  }
 
   tab.active = contents->IsFocused();
 
@@ -609,10 +616,16 @@ ExtensionFunction::ResponseValue TabsUpdateFunction::GetResult() {
   auto* api_web_contents = electron::api::WebContents::From(web_contents_);
   tab.id = (api_web_contents ? api_web_contents->ID() : -1);
 
-  // TODO(nornagon): in Chrome, the tab URL is only available to extensions
-  // that have the "tabs" (or "activeTab") permission. We should do the same
-  // permission check here.
-  tab.url = web_contents_->GetLastCommittedURL().spec();
+  // "title" and "url" properties are considered privileged data and can
+  // only be checked if the extension has the "tabs" permission or it has
+  // access to the WebContents's origin.
+  if (extension()->permissions_data()->HasAPIPermissionForTab(
+          api_web_contents->ID(), mojom::APIPermissionID::kTab) ||
+      extension()->permissions_data()->HasHostPermission(
+          web_contents_->GetURL())) {
+    tab.url = web_contents_->GetLastCommittedURL().spec();
+    tab.title = base::UTF16ToUTF8(web_contents_->GetTitle());
+  }
 
   if (api_web_contents)
     tab.active = api_web_contents->IsFocused();

shell/common/extensions/api/_permission_features.json

@@ -20,5 +20,11 @@
     "extension_types": [
       "extension"
     ]
+  },
+  "tabs": {
+    "channel": "stable",
+    "extension_types": [
+      "extension"
+    ]
   }
 }

shell/common/extensions/electron_extensions_api_provider.cc

@@ -39,6 +39,8 @@ constexpr APIPermissionInfo::InitInfo permissions_to_register[] = {
     {mojom::APIPermissionID::kPdfViewerPrivate, "pdfViewerPrivate"},
 #endif
     {mojom::APIPermissionID::kManagement, "management"},
+    {mojom::APIPermissionID::kTab, "tabs",
+     APIPermissionInfo::kFlagRequiresManagementUIWarning},
 };
 base::span<const APIPermissionInfo::InitInfo> GetPermissionInfos() {
   return base::make_span(permissions_to_register);