Disable brandcode config fetcher #2266
Labels: privacy/connect (This requires making a network connection to a third-party service.), QA/No, release-notes/exclude
When a user resets their profile ("Restore settings to their original defaults" option in settings), Chromium may decide to fetch a set of default settings from a Google-controlled server. This is gated on the "brand code", which is only set during non-organic installs of Google Chrome on desktop Mac and Windows, i.e. installs from a third party that Google has authorized to redistribute Chrome on their behalf (e.g. ISPs, PC manufacturers). Such parties may specify their own default settings, which would take effect when the user "resets" their profile.
I am 95% sure that this code is never executed, but the branding code is extremely complicated and involves looking at flags outside the original installation path (e.g. the Windows registry), so there is a chance that this code could trigger on a system that had a non-organic Chrome install but the user has now chosen to install Brave.
As a defense-in-depth, I recommend disabling the brand code config fetcher altogether.
Note: the `BrandcodeConfigFetcher` class handles retrieving and modifying the settings, but it also takes a callback which is called once the "proper" default settings are in place. I recommend unconditionally calling this callback, then skipping the network fetch.