Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable the Google Hangouts extension (included by Chromium) by default. #24583

Merged
merged 1 commit into from
Jul 10, 2024
Merged

Disable the Google Hangouts extension (included by Chromium) by default. #24583

merged 1 commit into from
Jul 10, 2024
+7 −6

Conversation

bsclifton
Copy link
Member

@bsclifton bsclifton commented Jul 10, 2024
edited
Loading

Disabling will add the extension to a block list.
This won't affect people who have toggled the setting - for example, someone who manually enabled or disabled.

Google Meet seems to work great with this extension blocked.

Fix brave/brave-browser#39664

First step towards fixing brave/brave-browser#39660

Long term goal would be to remove the extension code: https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/resources/hangout_services/manifest_v3.json;l=24-30

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

Person has never edited setting

  1. Have a version of Brave before this change - clean profile.
  2. Visit brave://settings/extensions
  3. Hangouts should be enabled by default
  4. Upgrade to a version of Brave which has this fix
  5. Visit brave://settings/extensions
  6. Hangouts should be disabled by default

Person has edited setting

  1. Have a version of Brave before this change - clean profile.
  2. Visit brave://settings/extensions
  3. Hangouts should be enabled by default. Toggle it to OFF. Then back to ON.
  4. Upgrade to a version of Brave which has this fix
  5. Visit brave://settings/extensions
  6. Hangouts should be enabled because it was last set by the person

Testing disabled is disabling the extension

Snippet courtesy of https://fedi.simonwillison.net/@simon/112757810519145581

  1. Have any version of Brave
  2. Visit brave://settings/extensions
  3. Toggle Hangouts to OFF
  4. Visit brave://extensions-internals/
  5. All extension data showing as JSON. Search page for nkeimhogjdpnpccoofpliimaahmaaome
  6. You should see the hangouts extension. Verify it has "disable_reasons": [ "DISABLE_BLOCKED_BY_POLICY" ],
  7. Visit https://google.com
  8. Open the dev tools
  9. In the console, paste in the following and hit Enter: 
    chrome.runtime.sendMessage(
  "nkeimhogjdpnpccoofpliimaahmaaome",
  { method: "cpu.getInfo" },
  (response) => {
    console.log(JSON.stringify(response, null, 2));
  },
);
  10. There should be an error shown in console and no information should show.

Testing enabling allows the extension

Snippet courtesy of https://fedi.simonwillison.net/@simon/112757810519145581

  1. Have any version of Brave
  2. Visit brave://settings/extensions
  3. Toggle Hangouts to ON
  4. Visit brave://extensions-internals/
  5. All extension data showing as JSON. Search page for nkeimhogjdpnpccoofpliimaahmaaome
  6. You should see the hangouts extension. Verify the JSON does NOT have disable_reasons in it.
  7. Visit https://google.com
  8. Open the dev tools
  9. In the console, paste in the following and hit Enter: 
    chrome.runtime.sendMessage(
  "nkeimhogjdpnpccoofpliimaahmaaome",
  { method: "cpu.getInfo" },
  (response) => {
    console.log(JSON.stringify(response, null, 2));
  },
);
  10. Information should be logged via the console. An example of what part of the response should look like: 
    {
    "usage": {
      "idle": 389213437500,
      "kernel": 557500000,
      "total": 391706250000,
      "user": 1935312500
    }
  },
  {
    "usage": {
      "idle": 387985937500,
      "kernel": 789531250,
      "total": 391706406250,
      "user": 2930937500
    }
  },
@bsclifton bsclifton self-assigned this Jul 10, 2024
@github-actions GitHub Actions
Copy link
Contributor

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "policy" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.
@bsclifton bsclifton mentioned this pull request Jul 10, 2024
Closed
@The-Compiler The-Compiler mentioned this pull request Jul 10, 2024
Closed
@bsclifton bsclifton mentioned this pull request Jul 10, 2024
Closed
6 tasks
@bsclifton
Disable the Google Hangouts extension (included by Chromium) by default.
d1e7505 
Fixes brave/brave-browser#39664

Disabling will add the extension to a block list.
This won't affect people who have toggled the setting - for example,
someone who manually enabled or disabled.

Google Meet seems to work great with this extension blocked.

First step towards fixing brave/brave-browser#39660

Long term goal would be to remove the extension code:
https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/resources/hangout_services/manifest_v3.json;l=24-30
@bsclifton bsclifton force-pushed the bsc-disable-google-hangouts-extension branch from fafa652 to d1e7505 Compare July 10, 2024 17:24
@bsclifton bsclifton enabled auto-merge July 10, 2024 17:33
@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push
@bsclifton bsclifton merged commit 3167c4a into master Jul 10, 2024
16 checks passed
@bsclifton bsclifton deleted the bsc-disable-google-hangouts-extension branch July 10, 2024 19:09
@github-actions github-actions bot added this to the 1.69.x - Nightly milestone Jul 10, 2024
brave-builds added a commit that referenced this pull request Jul 10, 2024
@brave-builds
Uplift of #24583 (squashed) to beta
ed7cdfb
brave-builds added a commit that referenced this pull request Jul 10, 2024
@brave-builds
Uplift of #24583 (squashed) to release
868147a
This was referenced Jul 10, 2024
Merged
Merged
@bsclifton bsclifton mentioned this pull request Jul 11, 2024
Merged
24 tasks
@stephendonner
Copy link
Collaborator

stephendonner commented Jul 11, 2024
edited
Loading

Verification PASSED using

Brave | 1.69.98 Chromium: 127.0.6533.26 (Official Build) nightly (64-bit)
-- | --
Revision | a7710883b2316472175f7b756e561cca3f02b254
OS | Windows 10 Version 22H2 (Build 19045.4651)

Case 1: Upgrade, default - PASSED

  1. installed 1.67.123
  2. launched Brave (release)
  3. opened brave://settings/extensions
  4. confirmed Hangouts is toggled On/Enabled
  5. upgraded to 1.69.98 by renaming Brave-Browser profile to Brave-Browser-Nightly
  6. installed launched Brave 1.69.98 (nightly)
  7. opened brave://settings/extensions

Confirmed Hangouts is toggled Off/Disabled

1.67.123 1.69.98
image image

Case 2: Upgrade, user-modified setting - PASSED

  1. installed and launched 1.67.123 (release)
  2. opened brave://settings/extensions
  3. toggled Hangouts from its default of Enabled to Disabled, and then finally toggled back to Enabled/On
  4. installed 1.69.98
  5. launched Brave (nightly)
  6. opened brave://settings/extensions
  7. looked at the value for the Hangouts preference

Confirmed Hangouts was still set to Enabled/On

1.67.123 1.69.98
image image

Case 3: Disabling the pref disables the extension - PASSED

Steps:

  1. installed 1.69.98
  2. launched Brave
  3. opened brave://settings/extensions
  4. confirmed Hangouts is set to Disabled/Off
  5. opened brave://extensions-internals
  6. grepped for DISABLE_BLOCKED_BY_DEFAULT
  7. confirmed disable_reasons for the Hangouts extension ID nkeimhogjdpnpccoofpliimaahmaaome was set to the above
  8. loaded google.com
  9. opened the Developer Tools' Console
  10. pasted the following snippet:
chrome.runtime.sendMessage(
  "nkeimhogjdpnpccoofpliimaahmaaome",
  { method: "cpu.getInfo" },
  (response) => {
    console.log(JSON.stringify(response, null, 2));
  },
);
  1. confirmed I got the following error: Uncaught TypeError: Cannot read properties of undefined (reading "sendMessage") at <anonymous>:1:16
brave://settings/extensions brave://extensions-internals Google.com w/ Dev Console
image image image

Case 4: Enabling the pref allows the extension - PASSED

Steps:

  1. installed 1.69.98
  2. launched Brave
  3. opened brave://settings/extensions
  4. toggled Hangouts to Enabled/On
  5. opened brave://extensions-internals
  6. grepped for DISABLE_BLOCKED_BY_DEFAULT
  7. confirmed disable_reasons is NOT present for the Hangouts extension ID nkeimhogjdpnpccoofpliimaahmaaome
  8. loaded google.com
  9. opened the Developer Tools' Console
  10. pasted the following snippet:
chrome.runtime.sendMessage(
  "nkeimhogjdpnpccoofpliimaahmaaome",
  { method: "cpu.getInfo" },
  (response) => {
    console.log(JSON.stringify(response, null, 2));
  },
);
  1. confirmed I got the following output, without errors:
{
        "usage": {
          "idle": 1573165468750,
          "kernel": 32185000000,
          "total": 1643948125000,
          "user": 38597656250
        }
 },
brave://settings/extensions brave://extensions-internals Google.com w/ Dev Console
image image image
bsclifton pushed a commit that referenced this pull request Jul 11, 2024
@brave-builds @bsclifton
Uplift of #24583 (squashed) to release
a301310
bsclifton pushed a commit that referenced this pull request Jul 11, 2024
@brave-builds @bsclifton
Uplift of #24583 (squashed) to beta
da220d9
kjozwiak pushed a commit that referenced this pull request Jul 12, 2024
@brave-builds
Disable the Google Hangouts extension (included by Chromium) by defau…
798945b 
…lt. (uplift to 1.68.x) (#24592)

Uplift of #24583 (squashed) to beta
kjozwiak pushed a commit that referenced this pull request Jul 12, 2024
@brave-builds
Disable the Google Hangouts extension (included by Chromium) by defau…
d1cff71 
…lt. (uplift to 1.67.x) (#24593)

Uplift of #24583 (squashed) to release
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-security-review
6 participants
@bsclifton @brave-builds @stephendonner @ShivanKaul @thypon @bcaller