[Security] Crypto Wallet/Greaselion should not be allowed to run on Private/Tor windows by default - Githubissues

brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.

https://brave.com

Mozilla Public License 2.0

17.58k stars 2.28k forks source link

[Security] Crypto Wallet/Greaselion should not be allowed to run on Private/Tor windows by default #13506

Closed srirambv closed 3 years ago

srirambv commented 3 years ago

Description

Greaselion shouldn't have an option for Allow in Private under extension details since Rewards doesn't work on Private / Tor / Guest windows. Similarly Crypto Wallet should not be allowed to run in Private / Tor / Guest as well

Steps to Reproduce

Greaselion

Launch nightly with --show-component-extension-options
Open brave://extensions and go to details for any greaselion
Allow in Private option is available and enabled by default

Crypto Wallet

Launch nightly with --show-component-extension-options
Open brave://wallet and install component
Go to brave://extensions and go to details for Crypto Wallet Component
Allow in Private option is available and enabled by default

Actual result:

Expected result:

Greaselion shouldn't have an option for Allow in private since Rewards isn't going to work on Private / Tor / Guest windows. Crypto Wallet shouldn't have Allow in private mode enabled by default

Reproduces how often:

Easy

Brave version (brave://version info)

Brave	1.20.73 Chromium: 88.0.4324.79 (Official Build) nightly (64-bit)
Revision	`bd1e9353659b2491dac971226a973ca3b5684a14-refs/branch-heads/4324@{#1520}`
OS	Linux

Version/Channel Information:

Can you reproduce this issue with the current release? Yes
Can you reproduce this issue with the beta channel? Yes
Can you reproduce this issue with the nightly channel? Yes

Other Additional Information:

Does the issue resolve itself when disabling Brave Shields? NA
Does the issue resolve itself when disabling Brave Rewards? NA
Is the issue reproducible on the latest version of Chrome? NA

Miscellaneous Information:

diracdeltas commented 3 years ago

not sure if https://github.com/brave/brave-browser/issues/13279 is related, but would be good to fix that issue as well

darkdh commented 3 years ago

@diracdeltas #13279 will also be fixed

srirambv commented 3 years ago

Verification passed on

Brave	1.20.100 Chromium: 88.0.4324.146 (Official Build) (64-bit)
Revision	`406dc88511162d6598242f2c709be1414a042fb0-refs/branch-heads/4324@{#2088}`
OS	Linux

Verified Greaselion extensions don't have a Allow in private option
Verified CryptoWallet extension has Allow in private disabled by default
Verified enabling Allow in private works as expected

Verification passed on

Brave	1.20.100 Chromium: 88.0.4324.146 (Official Build) (64-bit)
Revision	`406dc88511162d6598242f2c709be1414a042fb0-refs/branch-heads/4324@{#2088}`
OS	Windows 10 OS Version 2009 (Build 19042.746)

Verified Greaselion extensions don't have a Allow in private option
Verified CryptoWallet extension has Allow in private disabled by default
Verified enabling Allow in private works as expected

Verification passed on

Brave	1.20.100 Chromium: 88.0.4324.146 (Official Build) (x86_64)
Revision	406dc88511162d6598242f2c709be1414a042fb0-refs/branch-heads/4324@{#2088}
OS	macOS Version 10.15.7 (Build 19H114)

Verified Greaselion extensions don't have a Allow in private option
Verified CryptoWallet extension has Allow in private disabled by default
Verified enabling Allow in private works as expected