Logging for extensions that use storage.local
Reported by
kevin.se...@consensys.net,
May 7 2018
|
||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 Steps to reproduce the problem: 1. Install the extension 2. Navigate to (on Windows): \AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn 3. See the recent plaintext .log file. What is the expected behavior? An expected way to prevent these log files from being generated. What went wrong? Our application currently has log files that are exposing critical data in a plaintext format. We do not know what the behavior of how these log files are generated, nor do we know how to turn them off. Apologies for submitting this as an end-user, but didn't know how to classify as an extension problem on dev-side. So tl;dr 1) How are log files generated for an extension? 2) Is there a way to turn off this behavior? WebStore page: https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn Did this work before? N/A Chrome version: 66.0.3359.139 Channel: stable OS Version: 10.0 Flash Version: Thank you kindly for your patience.
,
May 9 2018
Able to reproduce the issue on chrome reported version 66.0.3359.139 and on latest chrome 68.0.3424.0 using Windows-10. As this issue is seen from M-60(60.0.3112.0). Hence considering this issue as Non-Regression and marking as Untriaged. Note: Issue is not specific to Windows. Thanks!
,
Nov 2
Can you paste a sample log entry that you're seeing (that's meant to be turned off) and where I can find these logs on Mac/Linux?
,
Nov 14
/home/[USER]/.config/google-chrome/[PROFILE]/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn The logs here, we'd like to know how to remove them or turn off the extension from generating them.
,
Nov 14
CC Devlin: Can a user disable an extension's permissions that were specified in the manifest? This bug/feature request sounds like a use case for something like this.
,
Nov 16
> Can a user disable an extension's permissions that were specified in the manifest? This bug/feature request sounds like a use case for something like this. Currently, not for API permissions. With RuntimeHostPermissions, the user can control access to specific sites, but not APIs. This sounds like an issue with the specific extension, rather than the Chrome browser. We document [1] that chrome.storage is not encrypted, and should *not* be used for any sensitive information. There's not much we can do on the browser side to disallow the extension from choosing to ignore that guidance. [1] https://developer.chrome.com/extensions/storage
,
Nov 20
I don't think there's anything left to do here on the Chrome side. I'll plan on closing this out soon if there's nothing new.
,
Nov 26
The NextAction date has arrived: 2018-11-26
,
Nov 26
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by susan.boorgula@chromium.org
, May 8 2018