Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Enable blocklist_extension_fetcher #12297

Closed
jumde opened this issue Oct 23, 2020 · 3 comments · Fixed by brave/brave-core#6990
Closed

[Security] Enable blocklist_extension_fetcher #12297

jumde opened this issue Oct 23, 2020 · 3 comments · Fixed by brave/brave-core#6990
Assignees
@fmarier
Labels
OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
1.21.x - Release

Comments

@jumde
Copy link
Contributor

jumde commented Oct 23, 2020
edited by fmarier
Loading

Source here: https://source.chromium.org/chromium/chromium/src/+/master:chrome/browser/extensions/blocklist_state_fetcher.cc

Community reports:
@jumde jumde self-assigned this Oct 23, 2020
@diracdeltas diracdeltas added security priority/P2 A bad problem. We might uplift this to the next planned release. labels Oct 23, 2020
@diracdeltas diracdeltas assigned fmarier and unassigned jumde Oct 27, 2020
@fmarier fmarier mentioned this issue Oct 30, 2020
Merged
33 tasks
fmarier added a commit to brave/brave-core that referenced this issue Oct 31, 2020
@fmarier
Enable Safe Browsing endpoint for extension blacklist (fixes brave/br…
eb5ebee 
…ave-browser#12297)
@fmarier
Copy link
Member

fmarier commented Dec 19, 2020

Looks like #4674 will be needed first since the Google endpoint is https://safebrowsing.google.com/safebrowsing/clientreport/crx-list-info which we don't currently have a proxy for.

fmarier added a commit to brave/brave-core that referenced this issue Dec 19, 2020
@fmarier
Enable Safe Browsing endpoint for extension blacklist (fixes brave/br…
28c5e2c 
…ave-browser#12297)
fmarier added a commit to brave/brave-core that referenced this issue Feb 5, 2021
@fmarier
Enable Safe Browsing endpoint for extension blacklist (fixes brave/br…
db1038f 
…ave-browser#12297)
@fmarier fmarier added this to the 1.22.x - Nightly milestone Feb 8, 2021
@fmarier fmarier added the QA/Yes label Feb 8, 2021
@fmarier
Copy link
Member

fmarier commented Feb 8, 2021

There's no easy way to test the extension blocking functionality, but it's covered somewhat by a unit test.

What I would suggest instead as a test plan is to ensure that we didn't break download protection:

  1. Open https://testsafebrowsing.appspot.com/
  2. Check that all links in the "Desktop Download Warnings" lead to blocked downloads.

@kjozwiak kjozwiak mentioned this issue Feb 16, 2021
Merged
4 tasks
@LaurenWags LaurenWags changed the title Enable blocklist_extension_fetcher [Security] Enable blocklist_extension_fetcher Feb 22, 2021
@LaurenWags
Copy link
Member

LaurenWags commented Feb 22, 2021
edited by btlechowski
Loading

Verified using

Brave	1.21.64 Chromium: 88.0.4324.182 (Official Build) beta (x86_64)
Revision	73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202}
OS	macOS Version 10.15.7 (Build 19H512)

Verified test plan from #12297 (comment). Confirmed all links under "Desktop Download Warnings" were blocked.

Example Example
Screen Shot 2021-02-22 at 10 20 53 AM Screen Shot 2021-02-22 at 10 20 40 AM

Verification passed on

Brave | 1.21.63 Chromium: 88.0.4324.182 (Official Build) dev (64-bit)
-- | --
Revision | 73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202}
OS | Windows 10 OS Version 2004 (Build 19041.804)
Example Example
image image

Verification passed on

Brave 1.21.64 Chromium: 88.0.4324.182 (Official Build) beta (64-bit)
Revision 73ee5087001dcef33047c4ed650471b225dd8caf-refs/branch-heads/4324@{#2202}
OS Ubuntu 18.04 LTS

Verified test plan from #12297 (comment)

image

@fmarier fmarier removed the blocked label Feb 22, 2021
@LaurenWags LaurenWags mentioned this issue Mar 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fmarier fmarier

Labels
OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
1.21.x - Release
Development

Successfully merging a pull request may close this issue.

Enable Safe Browsing endpoint for extension blacklist brave/brave-core
7 participants
@fmarier @diracdeltas @jumde @kjozwiak @LaurenWags @btlechowski @GeetaSarvadnya