Safari extension does not stay unlocked

[jacopo-j]

Although Bitwarden is set to automatically lock the vault when the browser is closed, the vault inconsistently locks itself after a few seconds of inactivity (automatic lock setting seems to be ignored).

Currently using Bitwarden 1.16.4 which comes with extension v. 1.42.0. Safari 13.0.1 on macOS 10.14.6. The same issue can be reproduced on two different machines.

[stranljip]

Same here with exactly the same versions as mentioned above. If necessary I'm happy if I can provide logs/perform tests etc.

[stranljip]

Seems to work for me now with 1.16.5 from the App Store

[kspearrin]

@jacopo-j Can you try version 1.16.6 from the website please?

[jacopo-j]

I had the same problem with version 1.16.5 from the App Store, however version 1.16.6 from the website seems to be working correctly.

[jacopo-j]

I think I talked too early; the extension did lock itself after some time of inactivity (and closed browser window)

[stranljip]

I get the error again - with 1.16.5 from App Store as well as with the 1.16.6 from the website :-/ I cannot put my finger on the cause - sometimes it stays open for quite a while, sometimes it closes very fast.

[stranljip]

It seems to be unrelated to hiding the window or to locking the screen.

[jacopo-j]

@kspearrin any news on this? I think the issue should be re-opened since the problem persists.

[kspearrin]

@jacopo-j I have re-opened the issue while we continue to investigate.

[andyleejordan]

For what it's worth, I tried enabling "unlock with PIN" to see if I could at least temporarily have a better experience than re-entering my master password every few minutes, but that option also seems to be getting ignored.

[stranljip]

I just digged a little bit in the logs. It seems, that macOS deliberately kills the extension for some reason:

default 11:40:25.204027+0200    runningboardd   Finished acquiring assertion 442-169-6304 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
default 11:40:25.204255+0200    runningboardd   [xpcservice<com.bitwarden.desktop.safari(501)>:81786] Ignoring resume because this process is not lifecycle managed
default 11:40:25.204531+0200    runningboardd   [xpcservice<com.bitwarden.desktop.safari(501)>:81786] Set darwin role to: UserInteractiveNonFocal
default 11:40:25.204801+0200    runningboardd   [xpcservice<com.bitwarden.desktop.safari(501)>:81786] Ignoring GPU update because this process is not GPU managed
default 11:40:25.281246+0200    distnoted   register name: com.apple.xctest.FakeForceTouchDevice object: com.bitwarden.desktop.safari token: f426a pid: 81786
error   11:40:25.375313+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[81786], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
default 11:41:35.913356+0200    runningboardd   [xpcservice<com.bitwarden.desktop.safari(501)>:81786] Death sentinel fired!
default 11:41:35.933033+0200    runningboardd   Invalidating assertion 442-169-6304 (target:xpcservice<com.bitwarden.desktop.safari(501)>) from originator 169
default 11:41:36.017708+0200    runningboardd   Removing process: [xpcservice<com.bitwarden.desktop.safari(501)>:81786]
default 11:41:36.018960+0200    runningboardd   Removing assertions for terminated process: [xpcservice<com.bitwarden.desktop.safari(501)>:81786]
error   11:41:36.057538+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-6304 (target:xpcservice<com.bitwarden.desktop.safari(501)>)

[kspearrin]

@stranljip Where did you find this log?

[stranljip]

@kspearrin - you can find it in the console application - this is the frontend to the central logging system. I filtered it to the string 'com.bitwarden.desktop.safari' and clipped only the last few lines around the occurrence of the termination message. I haven't found the place where I can set the log level though. Digging through the net I found this - https://eclecticlight.co/2019/09/18/changing-security-makes-privacy-protection-confusing/ - I am not deep enough in macOS app development to decide whether or not it is relevant for the Bitwarden Safari extension. As always I would be happy to help you in order to produce more logs and function as tester.

[kspearrin]

Thanks. Does it consistently throw the same error messages each time the vault unexpectedly locks? If the extension is crashing, this locking behavior makes sense because it would be treated as a restart of the extension.

[stranljip]

Yep - always the same. Filtered on any:com.bitwarden.desktop.safari and message type:Error:

error   16:54:11.371093+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12594], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error   16:55:05.116086+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9153 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error   16:55:12.834743+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12608], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error   16:56:42.070168+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12646], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error   16:57:50.082014+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9177 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error   17:01:46.804713+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12929], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error   17:02:32.409499+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9199 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error   17:03:10.412121+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[13080], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error   17:05:35.874696+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9206 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error   17:34:03.785037+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[13522], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}

[kspearrin]

@stranljip Are you using the App Store or dmg version?

[stranljip]

atm I am using the dmg version installed via Homebrew. If you want, I can switch to the App Store version.

[kspearrin]

@stranljip Please keep using the dmg. I was going to send you some dev build of the dmg to see if we can eliminate the crashing.

[stranljip]

I tried building the extension by myself, but my current lack of knowledge about XCode blocks me very effectively ... :-/

[kspearrin]

@stranljip If you hop in our developer chatroom, I could try to help.

https://gitter.im/bitwarden/Lobby

[stranljip]

I tested the last two days with a developer setup (thanks for the help @kspearrin!) and was not able to reproduce the error. I tried running with and without hardened runtime from XCode and also installed a self-compiled version with hardened runtime. The only thing I could still try is building the App w/o hardened runtime and install that, hoping that this somehow brings back the error and gives a clue that this may be the way to dig further. Big kudos to Kyle for dealing with this kind of stuff all the time ...

[stranljip]

Despite trying, I could not find a way to reproduce the problem from the IDE. If anyone has anymore hints, I will gladly try to use them in order to reproduce the problem.

[stranljip]

Problem is, that the bug now returned after a few days without experiencing it :-/

[stranljip]

I actually found a crash report from this morning: crash-report-bitwarden-safari.txt The crashed thread is:

Thread 4 Crashed:: Dispatch queue: com.apple.NSXPCConnection.user.endpoint
0   com.bitwarden.desktop.safari    0x000000010c8d7070 closure #1 in SafariExtensionViewController.userContentController(_:didReceive:) + 208
1   com.bitwarden.desktop.safari    0x000000010c8e3c40 thunk for @escaping @callee_guaranteed (@guaranteed SFSafariTab?) -> () + 48
2   com.apple.SafariServices.framework  0x00007fff43291415 __60+[SFSafariApplication getActiveWindowWithCompletionHandler:]_block_invoke + 52
3   com.apple.CoreFoundation        0x00007fff372a81dc __invoking___ + 140
4   com.apple.CoreFoundation        0x00007fff372a807f -[NSInvocation invoke] + 305
5   com.apple.Foundation            0x00007fff3992d439 __NSXPCCONNECTION_IS_CALLING_OUT_TO_REPLY_BLOCK__ + 17
6   com.apple.Foundation            0x00007fff3992a3e0 -[NSXPCConnection _decodeAndInvokeReplyBlockWithEvent:sequence:replyInfo:] + 684
7   com.apple.Foundation            0x00007fff39c0bbd5 __88-[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:]_block_invoke_3 + 216
8   libxpc.dylib                    0x00007fff6e9bfef4 _xpc_connection_reply_callout + 36
9   libxpc.dylib                    0x00007fff6e9bfe7c _xpc_connection_call_reply_async + 69
10  libdispatch.dylib               0x00007fff6e722578 _dispatch_client_callout3 + 8
11  libdispatch.dylib               0x00007fff6e739080 _dispatch_mach_msg_async_reply_invoke + 369
12  libdispatch.dylib               0x00007fff6e727980 _dispatch_lane_serial_drain + 263
13  libdispatch.dylib               0x00007fff6e728485 _dispatch_lane_invoke + 414
14  libdispatch.dylib               0x00007fff6e731a9e _dispatch_workloop_worker_thread + 598
15  libsystem_pthread.dylib         0x00007fff6e97b71b _pthread_wqthread + 290
16  libsystem_pthread.dylib         0x00007fff6e97b57b start_wqthread + 15

[kennymc-c]

I've had this problem for at least 2 weeks but for about 5-6 days the safe doesn't seem to lock randomly anymore. The app version is the same as before.

[georgesnow]

Yep - always the same. Filtered on any:com.bitwarden.desktop.safari and message type:Error:

error 16:54:11.371093+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12594], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error 16:55:05.116086+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9153 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error 16:55:12.834743+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12608], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error 16:56:42.070168+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12646], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error 16:57:50.082014+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9177 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error 17:01:46.804713+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[12929], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error 17:02:32.409499+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9199 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error 17:03:10.412121+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[13080], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
error 17:05:35.874696+0200    runningboardd   RBSStateCapture remove item called for untracked item 442-169-9206 (target:xpcservice<com.bitwarden.desktop.safari(501)>)
error 17:34:03.785037+0200    tccd    Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.bitwarden.desktop.safari, PID[13522], auid: 501, euid: 501, binary path: '/Applications/Bitwarden.app/Contents/PlugIns/safari.appex/Contents/MacOS/safari'}, REQ:{ID: com.apple.appleeventsd, PID[465], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}

TCC is the security utility that manages Screen Capture, Automation etc...Looking at this error the application does not have the proper entitlements possibly sandboxing when using a Safari Extension or the application may not be probably signed (including frameworks).

[georgesnow]

I should add ACC refers to an app controlling another app. So the other possibility is the user denied the application from _sending_apple events to the other application.

This is a good basic/overview reference:

https://carlashley.com/2018/09/06/reading-tcc-logs-in-macos/

[georgesnow]

@stranljip also the reason it was probably not reproducible in the “developer” setup is because Xcode will generate a developer certificate allowing you compile and run “your own code” to debug and test.

[stranljip]

@georgesnow - Kudos for your findings and the explanation! It lets me hope, that we get a working version in Safari again soon :-)

[andrewkr]

I’ve been seeing this thread and thinking that I was grateful to not have experienced the random locking. Then yesterday it happened.

I’m not aware of any changes made on my Mac.

Late 2011 MacBook Pro running OS X 10.13.6 and Bitwarden is from the Mac App Store.

I haven’t noticed the random locking on my late 2012 Mac Mini which is running the same version of Bitwarden, but is running Mac OS 10.15.2

[georgesnow]

What version of safari are you running on 10.13 and 10.15?

[georgesnow]

This is really a question for the developers, but is the safari extension accessing the same data as the main application? The extension app can get denied access to the vault/data. There is some I will say annoying specifics about how safari and app extensions can interact with data from other apps.

[kspearrin]

The safari extension uses NSUserDefaults to store data. It does not use the main application's data file.

[andrewkr]

What version of safari are you running on 10.13 and 10.15?

On 10.15.1, Safari Version 13.0.3 (15608.3.10.1.4) On OS X 10.13.6, Safari Version 13.0.3 (13608.3.10.10.1)

[georgesnow]

The safari extension uses NSUserDefaults to store data. It does not use the main application's data file.

hmm generally... that's specific for user preference information (ie last opened file, save location, timeout for locking etc...).

In this case I am referring to the vault itself or is it connecting to bit wardens web backend to access the vault? I noticed the entitlements include network client/server permissions, and user selected files. If the vault is being locally stored and being accessed. The user has to grant explicitly permissions to a file via something like an open dialog unless in System preferences the app is granted full disk permissions.

[georgesnow]

so I was able to re-create the TCC error. I am not actually Bitwarden user and haven't used software but once maybe a year ago?

Anyway, I did a fresh install. I discovered if I tried to enable (literally just checking off the option in the preferences for Safari) for Safari extension after installing the app. I get the error when trying to use the button on the toolbar in Safari. I also noticed part of the error message was XPC I had to unlock the main application. Then re-enable the Safari extension. Then the safari extension worked.

[TheDaveAbides]

Same issue here. Safari 13.0.3. The vault will unexpectedly lock, even though the value us "on browser restart."

[georgesnow]

@kspearrin I looked at the code again based on your response about NSUserDefaults. Is the main app sharing the same NSUserdefaults as the Safari Extension? I ask because with app extensions if they are "sharing" UserDefaults the main app and the extension need to be in an "app group". So this could be causing the TCC error because a "sandbox" app is attempting to access resources outside it container without permissions.

hopefully, I am helping here.

reference about app groups: https://stackoverflow.com/questions/45607903/sharing-userdefaults-between-extensions

[kspearrin]

Nothing is shared at all between the main app and the extension. The desktop app is just used to install the extension. Nothing more.

[georgesnow]

Sorry Let me clarify I was referring to desktop version of Bitwarden (that’s built with electron/typescript). Not the target main app you have to build with the safari extension.

But from response I think you are implying they are considered completely separate instances. That goes back to safari extension attempting to access something outside the app container. And the only error catching I have seen is under the “downloadFile” command. And prompts for ns savep anel:

https://github.com/bitwarden/browser/blob/88b27469204bb19a8e203c10048f66b6d3f9da53/src/safari/safari/SafariExtensionViewController.swift#L194

[kspearrin]

Yes, I was referring to the desktop app as well. The extension app shares nothing with the desktop app other than its method of installation, which is now required by Apple.

[kennymc-c]

Since today my vault suddenly seems to lock randomly again after it went well for about 2 weeks.

[georgesnow]

I noticed the harden runtime on the GitHub repo had some of the harden runtime entitlements were removed. did it work previously? What is strange is why it takes so long before the app triggers the apple event.

[andrewkr]

I thought that I'd let you know that I've had a happy run of about 10 days with the Safari extension staying unlocked. I have had no system changes. I am still running Mac OS X 10.13.6 with Safari Version 13.0.3 (13608.3.10.10.1). That is all as it was 11 days ago when I last reported. It began behaving itself properly the day after my last report! (I do have a new problem. I'll report that in a new case very soon.)

[The-Big-V]

Hi all, I seem to have the same problem. It especially seems to happen when I wake the mac from sleep, as I often get a notification window to say that "Bitwarden (Safari) quit unexpectedly". The crash report includes the following:

Thread 5 Crashed:: Dispatch queue: com.apple.NSXPCConnection.user.endpoint
0   com.bitwarden.desktop.safari    0x000000010d4fe070 closure #1 in SafariExtensionViewController.userContentController(_:didReceive:) + 208
1   com.bitwarden.desktop.safari    0x000000010d50ac40 thunk for @escaping @callee_guaranteed (@guaranteed SFSafariTab?) -> () + 48
2   com.apple.SafariServices.framework  0x00007fff43bad415 __60+[SFSafariApplication getActiveWindowWithCompletionHandler:]_block_invoke + 52
3   com.apple.CoreFoundation        0x00007fff37b9e0ec __invoking___ + 140
4   com.apple.CoreFoundation        0x00007fff37b9df84 -[NSInvocation invoke] + 305
5   com.apple.Foundation            0x00007fff3a248439 __NSXPCCONNECTION_IS_CALLING_OUT_TO_REPLY_BLOCK__ + 17
6   com.apple.Foundation            0x00007fff3a2453e0 -[NSXPCConnection _decodeAndInvokeReplyBlockWithEvent:sequence:replyInfo:] + 684
7   com.apple.Foundation            0x00007fff3a526bd5 __88-[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:]_block_invoke_3 + 216
8   libxpc.dylib                    0x00007fff6f1d3ef4 _xpc_connection_reply_callout + 36
9   libxpc.dylib                    0x00007fff6f1d3e7c _xpc_connection_call_reply_async + 69
10  libdispatch.dylib               0x00007fff6ef32578 _dispatch_client_callout3 + 8
11  libdispatch.dylib               0x00007fff6ef49080 _dispatch_mach_msg_async_reply_invoke + 369
12  libdispatch.dylib               0x00007fff6ef37980 _dispatch_lane_serial_drain + 263
13  libdispatch.dylib               0x00007fff6ef38485 _dispatch_lane_invoke + 414
14  libdispatch.dylib               0x00007fff6ef41a9e _dispatch_workloop_worker_thread + 598
15  libsystem_pthread.dylib         0x00007fff6f18f71b _pthread_wqthread + 290
16  libsystem_pthread.dylib         0x00007fff6f18f57b start_wqthread + 15

[The-Big-V]

Update: same crash still happening with macOS 10.15.2 installed (Safari 13.0.4)

[georgesnow]

@kspearrin I had forgotten I believe I noticed this when working my own Safari extension that getting active window properly can cause this issue. I don't remember if it's cause because JavaScript sends message before the extension has validated. Or if the extension attempts to send message to page that is not consider "active".

I tested implemented similar thing as NNW uses Ping/Pong method which I believe helped. Also I saw Avast uses overriding (which is more complex) but based on their code comments it addresses a similar issue.

you could take look at som other safari extension handlers:

https://github.com/brentsimmons/NetNewsWire/blob/58b24f3349fc9ff143c4eae3429773af9f67e1f8/Mac/SafariExtension/SafariExtensionHandler.swift

https://github.com/avast/topee/blob/master/src/Framework/Sources/Swift/Private/SFSafariApplicationHelper.swift

[georgesnow]

I also got this happen from a fresh reboot of macOS opened Safari unlocked Bitwarden. I left Safari open for about an hour. Bitwarden had been idle but not clicked on since. I had accessed other webpages in that time.

[mariodian]

I also found more logs that show up around the time the plugin (PID: 6560) gets killed.

My another Safari plugin Mate (PID: 6591) gets killed at the same time too along with Webkit WebContent (PID: 6561) and Webkit Networking (PID: 6562).

default 13:00:27.808334+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 4 children, _eventMask=0x4c _childEventMask=0x46 Cancel=0 Touching=1 inRange=1
default 13:00:27.832271+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 2 children, _eventMask=0x2 _childEventMask=0x2 Cancel=0 Touching=0 inRange=1
default 13:00:27.938656+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 2 children, _eventMask=0x23 _childEventMask=0x22 Cancel=0 Touching=1 inRange=1
default 13:00:28.098155+0800    kernel  Sandbox: 2 duplicate reports for com.apple.WebKit deny(1) mach-lookup com.apple.CoreDisplay.Notification
error   13:00:28.098161+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.VoiceMemos/Data/Library/Preferences
error   13:00:28.104728+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.Home/Data/Library/Preferences
error   13:00:28.104754+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.Safari/Data/Library/Preferences
error   13:00:28.108584+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.iChat/Data/Library/Preferences
error   13:00:28.108776+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.CloudDocs.MobileDocumentsFileProvider/Data/Library/Preferences
error   13:00:28.109225+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.mail/Data/Library/Preferences
error   13:00:28.113671+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.news/Data/Library/Preferences
error   13:00:28.117065+0800    kernel  Sandbox: defaults(6629) System Policy: deny(1) file-read-data /Users/mariodian/Library/Containers/com.apple.stocks/Data/Library/Preferences
default 13:00:28.131818+0800    defaults    
The domain/default pair of (/Users/mariodian/Library/Preferences/com.apple.HIToolbox.plist, dummy) does not exist
default 13:00:28.149928+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 2 children, _eventMask=0x23 _childEventMask=0x43 Cancel=0 Touching=0 inRange=0
default 13:00:28.232039+0800    kernel  AGC:: [safari pid 6560 mux-aware] exiting, non-mux-aware app count 0, runtime: 0:04:29.826
error   13:00:28.232640+0800    kernel  Sandbox: com.apple.WebKit(6562) deny(1) process-info-dirtycontrol self
default 13:00:28.236386+0800    runningboardd   [xpcservice<com.apple.WebKit.Networking(501)>:6562] Death sentinel fired!
default 13:00:28.236541+0800    runningboardd   [xpcservice<andriiliakh.Instant-Translate.Mate-Translate-Safari(501)>:6591] Death sentinel fired!
default 13:00:28.237329+0800    launchservicesd QUITTING: pid=6562 asn=0x-0x2e47e45 foreground=0 wasFront=0
default 13:00:28.238739+0800    CommCenter  #I handleLSNotitifcation_sync: Application exited: <private>
default 13:00:28.239392+0800    launchservicesd QUITTING: pid=6591 asn=0x-0x2e4de4b foreground=0 wasFront=0
default 13:00:28.239856+0800    loginwindow -[PersistentAppsSupport applicationQuit:] | for app:com.apple.WebKit.Networking, _appTrackingState = 2
default 13:00:28.239952+0800    runningboardd   Invalidating assertion 283-141-102266 (target:xpcservice<com.apple.WebKit.Networking(501)>) from originator 141
default 13:00:28.240107+0800    runningboardd   [xpcservice<com.bitwarden.desktop.safari(501)>:6560] Death sentinel fired!
default 13:00:28.241395+0800    CommCenter  #I handleLSNotitifcation_sync: Application exited: <private>
default 13:00:28.242476+0800    loginwindow -[PersistentAppsSupport applicationQuit:] | for app:Mate Translate Safari (Safari), _appTrackingState = 2
default 13:00:28.242335+0800    runningboardd   Invalidating assertion 283-141-102317 (target:xpcservice<andriiliakh.Instant-Translate.Mate-Translate-Safari(501)>) from originator 141
default 13:00:28.243314+0800    launchservicesd QUITTING: pid=6560 asn=0x-0x2e46e44 foreground=0 wasFront=0
default 13:00:28.245213+0800    CommCenter  #I handleLSNotitifcation_sync: Application exited: <private>
default 13:00:28.246591+0800    loginwindow -[PersistentAppsSupport applicationQuit:] | for app:Bitwarden (Safari), _appTrackingState = 2
default 13:00:28.246529+0800    runningboardd   Invalidating assertion 283-141-102264 (target:xpcservice<com.bitwarden.desktop.safari(501)>) from originator 141
default 13:00:28.251102+0800    runningboardd   [xpcservice<com.apple.WebKit.WebContent(501)>:6561] Death sentinel fired!
default 13:00:28.251425+0800    launchservicesd QUITTING: pid=6561 asn=0x-0x2e48e46 foreground=0 wasFront=0
default 13:00:28.252904+0800    CommCenter  #I handleLSNotitifcation_sync: Application exited: <private>
default 13:00:28.253813+0800    runningboardd   Invalidating assertion 283-141-102268 (target:xpcservice<com.apple.WebKit.WebContent(501)>) from originator 141
default 13:00:28.253983+0800    loginwindow -[PersistentAppsSupport applicationQuit:] | for app:com.apple.WebKit.WebContent, _appTrackingState = 2
default 13:00:28.332217+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 2 children, _eventMask=0x63 _childEventMask=0x62 Cancel=0 Touching=1 inRange=1
default 13:00:28.341556+0800    runningboardd   Removing process: [xpcservice<andriiliakh.Instant-Translate.Mate-Translate-Safari(501)>:6591]
default 13:00:28.341553+0800    runningboardd   Removing process: [xpcservice<com.apple.WebKit.Networking(501)>:6562]
default 13:00:28.341577+0800    runningboardd   Removing process: [xpcservice<com.bitwarden.desktop.safari(501)>:6560]
default 13:00:28.342314+0800    runningboardd   [xpcservice<com.apple.WebKit.WebContent(501)>:6561] Ignoring jetsam update because this process is not memory-managed
default 13:00:28.342505+0800    runningboardd   [xpcservice<com.apple.WebKit.WebContent(501)>:6561] Ignoring suspend because this process is not lifecycle managed
default 13:00:28.342681+0800    runningboardd   [xpcservice<com.apple.WebKit.WebContent(501)>:6561] Ignoring GPU update because this process is not GPU managed
default 13:00:28.349666+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 3 children, _eventMask=0x60 _childEventMask=0x62 Cancel=0 Touching=1 inRange=1
default 13:00:28.358184+0800    runningboardd   Removing process: [xpcservice<com.apple.WebKit.WebContent(501)>:6561]
default 13:00:28.363399+0800    runningboardd   Removing assertions for terminated process: [xpcservice<andriiliakh.Instant-Translate.Mate-Translate-Safari(501)>:6591]
default 13:00:28.363538+0800    runningboardd   Removing assertions for terminated process: [xpcservice<com.apple.WebKit.Networking(501)>:6562]
default 13:00:28.363737+0800    runningboardd   Removing assertions for terminated process: [xpcservice<com.apple.WebKit.WebContent(501)>:6561]
default 13:00:28.364123+0800    runningboardd   Removing assertions for terminated process: [xpcservice<com.bitwarden.desktop.safari(501)>:6560]
default 13:00:28.403695+0800    symptomsd   defusing ticker tickerFatal having seen progress by flow for com.apple.WebKit, rxbytes 4195 duration 156.951 seconds started at time: Tue Dec 31 12:57:51 2019
default 13:00:28.406409+0800    symptomsd   defusing ticker tickerFatal having seen progress by flow for com.apple.WebKit, rxbytes 4731 duration 156.323 seconds started at time: Tue Dec 31 12:57:52 2019
default 13:00:28.619827+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 4 children, _eventMask=0x48 _childEventMask=0x42 Cancel=0 Touching=1 inRange=1
default 13:00:28.862891+0800    hidd    [HID] [MT] dispatchEvent Dispatching event with 2 children, _eventMask=0x23 _childEventMask=0x43 Cancel=0 Touching=0 inRange=0
default 13:00:28.893534+0800    com.apple.WebKit.WebContent CDN - initialize client context retry
default 13:00:28.893697+0800    com.apple.WebKit.WebContent CDN - client setup_remote_port
default 13:00:28.893929+0800    com.apple.WebKit.WebContent CDN - Bootstrap Port: 2563
error   13:00:28.894092+0800    kernel  Sandbox: com.apple.WebKit(93473) deny(1) mach-lookup com.apple.CoreDisplay.Notification

I'm also attaching full log for webkit networking from around the time of the kill.

Using Bitwarden 1.16.6 (dmg), the plugin is 1.42.0, Safari 13.0.3, Catalina 10.15.1

[mariodian]

Also, setting the Lock Options to "On Browser Restart" seems to leave the plugin unlocked.