Chrome extension no longer available in the Chrome web store

[unfulvio]

this returns 404 at the moment

https://chrome.google.com/webstore/detail/php-console/nfhmhhlpfleoednkpnnnkolmclajemef

@barbushin what happened?

[rmirabelle]

Confirmed - cannot find the extension - I need it!! Help!

[gr0uch0dev]

Please upload again. Need it as well! At the moment I'm getting the repository and load it in Chrome by hand with the following steps

Download the repo from: https://github.com/barbushin/php-console-extension Unzip it Go to : chrome://extensions/ Allow developer mode and "Load unpacked"

[unfulvio]

yeah @gr0uch0dev that's an option too - however I'd like to know if the extension is going to be permanently out of the repository or if it's gonna be re-uploaded: based on that feedback I might change the documentation for a project that uses php-console

CC @barbushin

[steveramos]

anyone know what's going on with this?

@barbushin ?

[rmirabelle]

@gr0uch0dev This worked for me - Thank you!!! Due to the complete lack of response on this thread, I'm now quite worried about the future of this extension. Tried another extension (Clockwork), which functions similarly, but I don't like it. Thankfully, for now I can roll back to this trusty tool.

[gaberust]

@unfulvio @steveramos

It seems the author hasn't been on GitHub all year, and probably removed the extension after it got put under the spotlight on HackTheBox. If you are using this, don't, it has some serious security issues and an MIA maintainer.

[gr0uch0dev]

Yep true.

There was an open challenge on HTB about this add-on. Be careful :)

[unfulvio]

this has always been a tool intended for local environments or test machines and not to be used in production - no matter how safe; source code is here and on the matching Chrome extension, there doesn't seem to be anything that points to a safety issue for the intended use case

[SourceCode]

This is not meant for a production environment. Of course you have security risks if you are running this in production, it has enable eval terminal in the UI. Its meant for development.

[Pacoup]

Yeah, Chrome just nuked this for me...

[goldingdamien]

Just got disabled for me. Was this a security risk with it enabled? The lack of information other than being disabled and "This extension contains malware" is a little concerning.

[ltoews]

Same here. This has been my go-to debugging tool for years. Not happy about having to find an alternative.

[Pacoup]

@goldingdamien Yeah, wondering about the same thing. Can't find any information. The repo itself hasn't been updated, so I assume someone managed to takeover the Google account and upload a version with malware.

On the other hand, the actual extension directory shows it was last updated July 7, 2019, so it doesn't look like a version with actual malware made it. Perhaps an attacker tried to upload a version with malware and Google detected it and shut down the whole thing as a precaution.

It hasn't been on the store for a while though, according to this thread. Maybe the attacker tried to restore it.

[unfulvio]

It's likely a false positive (the last update in the Web store matches the last update date in https://github.com/barbushin/php-console-extension).

Nonetheless, you can still install the extension manually by downloading https://github.com/barbushin/php-console-extension, unzip and then go to chrome://extensions and click Load unpacked, select the folder and done