Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extension not reviewed for security and safety warning message is not displayed while adding extensions #10113

Closed
GeetaSarvadnya opened this issue Jun 5, 2020 · 1 comment · Fixed by brave/brave-core#5772
Closed

Extension not reviewed for security and safety warning message is not displayed while adding extensions #10113

GeetaSarvadnya opened this issue Jun 5, 2020 · 1 comment · Fixed by brave/brave-core#5772
Assignees
@mkarolin
Labels
bug feature/extensions OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes regression release-notes/exclude security
Milestone
1.10.x - Release

Comments

@GeetaSarvadnya
Copy link

Description

Extension not reviewed for security and safety warning message is not displayed while adding extensions (ABP/Google translate/dark reader) in 1.10.x - warning message is shown for the same extensions in released version 1.9.x

Steps to Reproduce

  1. Clean profile 1.10.86 Chromium: 83.0.4103.61
  2. Open CWS
  3. Try to add extensions (ABP/Google translate/dark reader)

Actual result:

Extension not reviewed for security and safety warning message is not displayed while adding extensions (ABP/Google translate/dark reader) in 1.10.x

1.10.86
image
image
image

1.9.x
image
image
image

Expected result:

Extension warning message should be displayed for ABP/Google translate/dark reader

Reproduces how often:

Always

Brave version (brave://version info)

Brave 1.10.86 Chromium: 83.0.4103.61 (Official Build) (64-bit)
Revision 94f915a8d7c408b09cc7352161ad592299f384d2-refs/branch-heads/4103@{#561}
OS Windows 10 OS Version 1803 (Build 17134.1006)

Version/Channel Information:

  • Can you reproduce this issue with the current release? No
  • Can you reproduce this issue with the beta channel? Yes
  • Can you reproduce this issue with the dev channel? Yes
  • Can you reproduce this issue with the nightly channel? Yes

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields?NA
  • Does the issue resolve itself when disabling Brave Rewards?NA
  • Is the issue reproducible on the latest version of Chrome? NA

Miscellaneous Information:

cc: @brave/legacy_qa @rebron @bsclifton
@GeetaSarvadnya GeetaSarvadnya added this to the 1.10.x - Release milestone Jun 5, 2020
@srirambv srirambv removed this from the 1.10.x - Release milestone Jun 8, 2020
@GeetaSarvadnya GeetaSarvadnya mentioned this issue Jun 8, 2020
Closed
@mkarolin mkarolin self-assigned this Jun 8, 2020
mkarolin added a commit to brave/brave-core that referenced this issue Jun 8, 2020
@mkarolin
Fixes extensions install prompt.
b31174b 
The override of extensions install prompt text has regressed with
Chromium 83 update.

Removed BravePrompt that inherited from ExtensionInstallPrompt::Prompt
and overrode GetDialogTitle method. Instead, renamed the original method
to GetDialogTitle_ChromiumImpl and added our own GetDialogTitle.

Fixes brave/brave-browser#10113

The regression is due to Chromium change that was creating
ExtensionInstallPrompt::Prompt from
WebstorePrivateBeginInstallWithManifest3Function::OnWebstoreParseSuccess.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/4f35260605f0a6fa5153bcc40cc9ed7b235fddec

commit 4f35260605f0a6fa5153bcc40cc9ed7b235fddec
Author: Danan S <[email protected]>
Date:   Fri Mar 27 00:41:17 2020 +0000

    Reland "Changes to Webstore Private API to support child extension installation"

    This relands the feature originally landed in
    99ffda8ef2c76aa79923281a57c82a70e68d0d45

    That CL was reverted due to an use-after-free error triggered by
    ExtensionWebstorePrivateApiTestChildInstallEnabled, but caused
    by already landed code used by the Webstore Private API.

    The actual fix for the use-after-free was fixed in http://crrev.com/c/2100548

    That fix involved changes in the ParentPermissionDialog APIs, which are
    reflected in this reland CL.

    Original change's description:
    > Revert "Changes to Webstore Private API to support child extension installation"
    >
    > This reverts commit 99ffda8ef2c76aa79923281a57c82a70e68d0d45.
    >
    > Reason for revert: browser_tests failing on https://ci.chromium.org/p/chromium/builders/ci/Linux%20Chromium%20OS%20ASan%20LSan%20Tests%20%281%29/37129 and https://ci.chromium.org/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Tests/18174
    >
    > Original change's description:
    > > Changes to Webstore Private API to support child extension installation
    > >
    > > These changes are required in order to prompt a child user to get
    > > parent permission when they attempt to install an extension in the
    > > Chrome Webstore.
    > >
    > > This CL also enables the feature by default.
    > >
    > > Bug: 957832
@mkarolin mkarolin mentioned this issue Jun 8, 2020
Merged
32 tasks
This was referenced Jun 9, 2020
Merged
Merged
@LaurenWags LaurenWags added this to the 1.10.x - Release milestone Jun 10, 2020
@kjozwiak
Copy link
Member

kjozwiak commented Jun 11, 2020
edited by btlechowski
Loading

Verification PASSED on macOS 10.15.5 x64 using the following build:

Brave | 1.10.88 Chromium: 83.0.4103.97 (Official Build) (64-bit)
-- | --
Revision | 326d148b9655369b86498d9ecca39f63dd2bdd2d-refs/branch-heads/4103@{#657}
OS | macOS Version 10.15.5 (Build 19F101)
  • ensured that clicking on Add extension on the modal warning users that the extension wasn't vetted by Brave installs the extension without any issues
    • ensured that clicking on Cancel works as expected as well

Extension modal for none vetted extensions

Screen Shot 2020-06-10 at 10 56 09 PM

Screen Shot 2020-06-10 at 10 55 38 PM

Extension modal for vetted extensions

Screen Shot 2020-06-10 at 10 59 31 PM

Verification passed on


Brave | 1.10.88 Chromium: 83.0.4103.97 (Official Build) (64-bit)
-- | --
Revision | 326d148b9655369b86498d9ecca39f63dd2bdd2d-refs/branch-heads/4103@{#657}
OS | Windows 10 OS Version 1803 (Build 17134.1006)
  • ensured that clicking on Add extension on the modal warning users that the extension wasn't vetted by Brave installs the extension without any issues
    • ensured that clicking on Cancel works as expected as well
      image

Extension modal for vetted extensions
image

Verification passed on

Brave 1.10.88 Chromium: 83.0.4103.97 (Official Build) (64-bit)
Revision 326d148b9655369b86498d9ecca39f63dd2bdd2d-refs/branch-heads/4103@{#657}
OS Ubuntu 18.04 LTS

image
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkarolin mkarolin

Labels
bug feature/extensions OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes regression release-notes/exclude security
Projects
None yet
Milestone
1.10.x - Release
Development

Successfully merging a pull request may close this issue.

Fixes extensions install prompt. brave/brave-core
7 participants
@kjozwiak @rebron @srirambv @LaurenWags @btlechowski @GeetaSarvadnya @mkarolin