New issue
Advanced search Search tips

Issue 840514 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Nov 26
Cc:
Components:
EstimatedDays: ----
NextAction: 2018-11-26
OS: Linux , Windows , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Logging for extensions that use storage.local

Reported by kevin.se...@consensys.net, May 7 2018

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36

Steps to reproduce the problem:
1. Install the extension
2. Navigate to (on Windows): \AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
3. See the recent plaintext .log file.

What is the expected behavior?
An expected way to prevent these log files from being generated.

What went wrong?
Our application currently has log files that are exposing critical data in a plaintext format. We do not know what the behavior of how these log files are generated, nor do we know how to turn them off. 

Apologies for submitting this as an end-user, but didn't know how to classify as an extension problem on dev-side.

So tl;dr

1) How are log files generated for an extension?
2) Is there a way to turn off this behavior?

WebStore page: https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn

Did this work before? N/A 

Chrome version: 66.0.3359.139  Channel: stable
OS Version: 10.0
Flash Version: 

Thank you kindly for your patience.
 
Labels: Needs-Triage-M66
Labels: M-68 Target-68 Triaged-ET FoundIn-68
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on chrome reported version 66.0.3359.139 and on latest chrome 68.0.3424.0 using Windows-10. As this issue is seen from M-60(60.0.3112.0). Hence considering this issue as Non-Regression and marking as Untriaged.
Note: Issue is not specific to Windows.

Thanks!
Cc: kelvinjiang@chromium.org
Labels: OS-Linux OS-Mac
Can you paste a sample log entry that you're seeing (that's meant to be turned off)

and where I can find these logs on Mac/Linux?
/home/[USER]/.config/google-chrome/[PROFILE]/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn

The logs here, we'd like to know how to remove them or turn off the extension from generating them.
The log file is much too big to paste, so I've attached it here.
000016.log
3.4 MB View Download
Cc: rdevlin....@chromium.org
CC Devlin:

Can a user disable an extension's permissions that were specified in the manifest? This bug/feature request sounds like a use case for something like this.
> Can a user disable an extension's permissions that were specified in the manifest? This bug/feature request sounds like a use case for something like this.

Currently, not for API permissions.  With RuntimeHostPermissions, the user can control access to specific sites, but not APIs.


This sounds like an issue with the specific extension, rather than the Chrome browser.  We document [1] that chrome.storage is not encrypted, and should *not* be used for any sensitive information.  There's not much we can do on the browser side to disallow the extension from choosing to ignore that guidance.

[1] https://developer.chrome.com/extensions/storage
Labels: -M-68 -Target-68
NextAction: 2018-11-26
I don't think there's anything left to do here on the Chrome side.  I'll plan on closing this out soon if there's nothing new.
The NextAction date has arrived: 2018-11-26
Status: WontFix (was: Untriaged)

Sign in to add a comment