-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
disable chrome.webstore.install for inline extensions #614
Labels
Milestone
Comments
Noting possibly the right thing is to redirect instead of remove the API. |
@AilinLiao @bsclifton after this lands you'll have to rebase your patch I think. |
QA note: zenhub has an extension on their page which uses this API. |
Verification passes on
redirected to ZenHub for GitHub on chrome web store Verification Passed on
Went through verification using the following build under macOS 10.13.6 x64 - PASSED
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
context: https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
inline extensions are a huge malware risk. we should disable them in Brave.
AFAIK it is sufficient to disable the chrome.webstore.install method
note that in c71, chrome will disable it as well (possibly with a redirect to CWS which would be slightly better UX than silently failing).
The text was updated successfully, but these errors were encountered: