Add comment to SiteForCookies mojom about effects of security breach

Adding a comment describing effects of a compromised renderer and
noting that a fix is in progress.

Bug: 1069040
Change-Id: I3914730e02cbd3d21dce500c52f7abdaebf53df2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2142613
Commit-Queue: Steven Bingler <bingler@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#757858}

services/network/public/mojom/url_loader.mojom

@@ -120,6 +120,14 @@ struct URLRequest {
   // bypassed by setting site_for_cookies = SiteForCookies::FromUrl(url), but
   // this should only be done if the fetch can be reasonably said to be done by
   // the same principal as what |url| represents.
+  //
+  // Currently if a renderer is compromised an attacker could alter the
+  // SiteForCookies. This would allow the renderer to send cookies to a
+  // third-party context when it otherwise wouldn't be able to.
+  // https://crbug.com/1060631 will move the SFC computation into the browser
+  // process to prevent this.
+  // TODO(https://crbug.com/1060631): Remove this message after the fix is
+  // landed.
   SiteForCookies site_for_cookies;
 
   // Boolean indicating whether SameSite cookies are allowed to be attached