Unwanted fallback to www.google.com:80 if redirector.brave.com is unresponsive #29841

Closed
fmarier opened this issue Apr 19, 2023 · 10 comments · Fixed by brave/brave-core#18184
Labels
network/startup requests OS/Android Fixes related to Android browser functionality OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. privacy/connect This requires making a network connection to a third-party service. QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include

Comments

@fmarier
Member

fmarier commented Apr 19, 2023

Description

If redirector.brave.com is unresponsive (e.g. returning a 503), the browser will fall back to www.google.com:80 (yes, unencrypted HTTP) for component updates.

Steps to Reproduce

This is how I did it on a Linux machine:

  1. Put this line in /etc/hosts: 127.0.0.1 redirector.brave.com
  2. Start an interception proxy: mitmproxy --mode socks5 --listen-port 9000
  3. Start Brave (new profile): brave-browser-stable --user-data-dir=/home/francois/brave-temp-profile --proxy-server="socks5://localhost:9000"

Actual result:

Then you should immediately see two HTTP (port 80) requests to www.google.com:

GET http://www.google.com/dl/release2/chrome_component/acknfovcvghy2mrucp77wk2gl3la_7957/hfnkpimlhhgieaddgfemjhofmfblmnib_7957_all_adzjna7hdabpdzvqlsg4kn5wn73a.crx3
GET http://www.google.com/dl/release2/chrome_component/prikcrkh6jeqqkyjq6gvwcop64_58/khaoiebndkojlmppeemjhbpbandiljpe_58_linux_bnsevftmao3ole3oz24w3p7u74.crx3

The first one refers to CRLsets (a TLS component) while the second one is part of Safe Browsing (the File Type Policies component).

Later we see these components being downloaded using the HTTP fallback:

  • Safety Tips
  • Crowd Deny
  • PKI Metadata
  • Hyphenation

Expected result:

If the connection to redirector.brave.com fails, the browser should simply give up and not update the components.

Desktop Brave version:

Brave	1.50.119 Chromium: 112.0.5615.121 (Official Build) (64-bit) 
Revision	39cc4e45904ae9f1741c4fbaa866e629c96f2268-refs/branch-heads/5615_51@{#8}
OS	Linux

Android Device details:

I didn't test on Android, but I suspect it has the same fallback.

@fmarier fmarier added privacy/connect This requires making a network connection to a third-party service. OS/Android Fixes related to Android browser functionality OS/Desktop network/startup requests labels Apr 19, 2023
@fmarier fmarier added the priority/P2 A bad problem. We might uplift this to the next planned release. label Apr 19, 2023
@stoletheminerals

stoletheminerals commented Apr 19, 2023

Can confirm it falls back to www.google.com:80 on Android.
Steps to reproduce, using a real device:

On desktop machine (macOS or Linux):

  1. Put this line in /etc/hosts: 127.0.0.1 redirector.brave.com
  2. Start an interception proxy: mitmproxy --mode regular --listen-port 9000 (Alternatively use another proxy software, such as Charles (default proxy port is 8888))

On Android device:

  1. Make sure Brave is not installed
  2. Go to System Settings and change Wi-Fi settings: Proxy: Manual, Proxy hostname: Desktop IP address, Proxy port: 9000
  3. Install and open Brave

Result will be the same as mentioned by @fmarier above

@fmarier fmarier added this to the 1.50.x - Release #5 milestone Apr 20, 2023
@spylogsster spylogsster self-assigned this Apr 20, 2023
@kjozwiak kjozwiak removed this from the 1.50.x - Release #5 milestone Apr 20, 2023
@kjozwiak
Member

Removed milestone, we'll move the issue into the appropriate milestone once we have uplifts. Assuming this needs to go out via the next possible release. It could be a 1.50.x if we end up getting another C112 build or 1.51.x which is the next major release as per https://github.com/brave/brave-browser/wiki/Brave-Release-Schedule#release-channel-dates. Either way, once we get uplifts, the issue will be moved into the appropriate milestone 👍

@stephendonner

stephendonner commented May 5, 2023

Verification PASSED using

Brave 1.52.84 Chromium: 113.0.5672.63 (Official Build) beta (x86_64)
Revision 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912}
OS macOS Version 13.4 (Build 22F5059b)

Confirmed issue using 1.51.110

Steps:

  1. entered sudo nano /etc/hosts in Terminal.app
  2. added 127.0.0.1 redirector.brave.com and saved the changes
  3. restarted macOS
  4. installed 1.52.84
  5. launched Fiddler Everywhere
  6. launched Brave
  7. checked for the two (2) initial, immediate GET requests to http://www.google.com/dl/release2/chrome_component...

Confirmed only requests to *.brave.com hosts during fallback, when redirector.brave.com is unreachable

[Screenshots: 1.52.84; google filter; 1.51.110; etc/hosts]

@stephendonner stephendonner added QA/In-Progress Indicates that QA is currently in progress for that particular issue QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels May 5, 2023
@taoeffect

@stephendonner is it me or does the screenshot above show the two requests to google still in 1.51.110?

@stephendonner

> @stephendonner is it me or does the screenshot above show the two requests to google still in 1.51.110?

It is not you - the fix wasn't (yet) uplifted to 1.51.x, so that makes sense...

@fmarier
Member Author

fmarier commented May 5, 2023

@taoeffect The fix for the password manager leak (brave/brave-core#18153) is in 1.51, but the one for the fallback to http://www.google.com on port 80 will come a little later (1.52).

@MadhaviSeelam

MadhaviSeelam commented May 18, 2023

Verification PASSED using

Brave | 1.52.102 Chromium: 113.0.5672.126 (Official Build) beta (64-bit)
-- | --
Revision | c541687b21a73452ab403e2dced7033ddc97ee9d-refs/branch-heads/5672@{#1202}
OS | Windows 11 Version 22H2 (Build 22621.1702)

Confirmed issue using 1.51.118

Steps:

  1. entered windows/system32/driver/etc/hosts
  2. added 127.0.0.1 redirector.brave.com and saved the changes
  3. restarted macOS
  4. installed 1.52.102
  5. launched Fiddler Everywhere
  6. launched Brave
  7. checked for the two (2) initial, immediate GET requests to http://www.google.com/dl/release2/chrome_component...

Confirmed only requests to *.brave.com hosts during fallback, when redirector.brave.com is unreachable

[Screenshots: step 2; 1.52.102; google filter; 1.51.118]

@Uni-verse Uni-verse added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label May 22, 2023
@Uni-verse
Contributor

Uni-verse commented May 22, 2023

Verified on Samsung Galaxy S21 5G using the following build version(s):

Brave	1.52.107 Chromium: 114.0.5735.26 (Official Build) beta (32-bit) 
Revision	7075cbb66f0542ac3e01ddfde6b813e7d61118a5-refs/branch-heads/5735@{#454}
OS	Android 13; Build/TP1A.220624.014; 33; REL

Using description and steps to reproduce in #29841 (comment), the fallback was reproduced using build version 1.50.106

The following rewrite rule in Charles Proxy was created to modify the HTTP response code from 200 to 503 for all responses for https://redirector.brave.com

  • Verified fallback to www.google.com:80 was not made if redirector.brave.com is unresponsive

[Screenshot]

[Screenshots: 1.50.x; 1.52.x]

@Uni-verse Uni-verse added QA Pass - Android ARM and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels May 22, 2023
@hffvld hffvld added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label May 23, 2023
@hffvld
Contributor

hffvld commented May 23, 2023

Verified on Galaxy Tab S8 using version(s):

Device/OS: SM-X700 Galaxy Tab S8 [gts8wifixx-user 13 TP1A.220624.014 release-keys]
Brave build: 1.52.109
Chromium: 114.0.5735.26 (Official Build) beta (64-bit)
Revision: 7075cbb66f0542ac3e01ddfde6b813e7d61118a5-refs/branch-heads/5735@{#454}

STEPS:

  1. Enter sudo nano /etc/hosts in Terminal
  2. Add 127.0.0.1 redirector.brave.com and save the changes
  3. Install build 1.52.109
  4. Launch Charles Proxy
  5. Launch Brave
  6. Check for the initial GET requests to http://www.google.com/dl/release2/chrome_component...

ACTUAL RESULTS:

  • Verified that there are no http://www.google.com/dl/release2/chrome_component... GET calls observed

[Screenshots: 1.51.114 (1, 2); 1.52.109 (3, 4)]

@hffvld hffvld added QA Pass - Android Tab and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels May 23, 2023
@btlechowski

Reproduced on 1.51.118


Verification passed on

Brave 1.52.112 Chromium: 114.0.5735.35 (Official Build) (64-bit)
Revision 2295354895fa3652ae47b651481831484f16d1ff-refs/branch-heads/5735@{#713}
OS Ubuntu 18.04 LTS

Verified fallback to www.google.com:80 was not made when redirector.brave.com is unresponsive
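
The check the QA passes above perform by eye on a proxy capture can be scripted. This is an added example, not part of the original thread or Brave's code: it flags component downloads that go over plaintext HTTP or to a host outside *.brave.com. The "METHOD URL" input format, the function names and the last three sample lines are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Path prefix of the component downloads quoted in the report.
COMPONENT_PATH = "/dl/release2/chrome_component/"
# From the QA check "only requests to *.brave.com hosts".
ALLOWED_DOMAIN = "brave.com"


def is_allowed_host(host):
    """True for brave.com and its subdomains, False for lookalike names."""
    host = (host or "").lower().rstrip(".")
    return host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN)


def audit_capture(lines):
    """Return (reason, url) findings for component fetches in a capture.

    Each input line is "METHOD URL", the form used in the report.
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        url = urlsplit(parts[1])
        if not (url.path.startswith(COMPONENT_PATH) or url.path.endswith(".crx3")):
            continue  # not a component download
        if url.scheme != "https":
            findings.append(("plaintext", parts[1]))
        if not is_allowed_host(url.hostname):
            findings.append(("off-domain", parts[1]))
    return findings


# The first two lines are the requests quoted in the report; the rest are
# constructed for this example and are not real Brave endpoints.
SAMPLE_CAPTURE = [
    "GET http://www.google.com/dl/release2/chrome_component/acknfovcvghy2mrucp77wk2gl3la_7957/hfnkpimlhhgieaddgfemjhofmfblmnib_7957_all_adzjna7hdabpdzvqlsg4kn5wn73a.crx3",
    "GET http://www.google.com/dl/release2/chrome_component/prikcrkh6jeqqkyjq6gvwcop64_58/khaoiebndkojlmppeemjhbpbandiljpe_58_linux_bnsevftmao3ole3oz24w3p7u74.crx3",
    "GET https://updates.example.brave.com/constructed/component.crx3",
    "GET https://brave.com.example.net/constructed/component.crx3",
    "GET https://www.example.org/index.html",
]

if __name__ == "__main__":
    for reason, url in audit_capture(SAMPLE_CAPTURE):
        print(f"{reason:10} {url}")
```

The host check compares on a label boundary, so a name that merely contains or ends with the string brave.com without being a subdomain is still reported as off-domain.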

