[Backport] CVE-2022-2162: Insufficient policy enforcement in File System API

Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3638698/:
FSA: Sanitize .url files

Bug: 1307930
Change-Id: I7ed3cca5942a5334ba761d269bdd8961fa9d13fe
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Auto-Submit: Austin Sullivan <asully@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1002495}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

1 files changed, 6 insertions, 4 deletions

diff --git a/chromium/content/browser/file_system_access/file_system_chooser.cc b/chromium/content/browser/file_system_access/file_system_chooser.cc
index c72148abcba..d9b7f973dec 100644
--- a/chromium/content/browser/file_system_access/file_system_chooser.cc
+++ b/chromium/content/browser/file_system_access/file_system_chooser.cc
@@ -245,13 +245,15 @@ bool FileSystemChooser::IsShellIntegratedExtension(
   base::FilePath::StringType extension_lower =
       base::ToLowerASCII(GetLastExtension(extension));
 
-  // .lnk and .scf files may be used to execute arbitrary code (see
+  // '.lnk' and '.scf' files may be used to execute arbitrary code (see
   // https://nvd.nist.gov/vuln/detail/CVE-2010-2568 and
-  // https://crbug.com/1227995, respectively). .local files are used by Windows
-  // to determine which DLLs to load for an application.
+  // https://crbug.com/1227995, respectively). '.local' files are used by
+  // Windows to determine which DLLs to load for an application. '.url' files
+  // can be used to read arbirtary files (see https://crbug.com/1307930).
   if ((extension_lower == FILE_PATH_LITERAL("lnk")) ||
       (extension_lower == FILE_PATH_LITERAL("local")) ||
-      (extension_lower == FILE_PATH_LITERAL("scf"))) {
+      (extension_lower == FILE_PATH_LITERAL("scf")) ||
+      (extension_lower == FILE_PATH_LITERAL("url"))) {
     return true;
   }