Issue metadata
Sign in to add a comment
|
Chrome extension blacklist policy bypass
Reported by
aksubacct@gmail.com,
Aug 22
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Platform: 10452.100.0 (Official Build) stable-channel kefka Steps to reproduce the problem: 1. Create a website with an inline extension install button 2. Trigger the install action 3. Extension will proceed to install regardless of blacklist policy What is the expected behavior? The extension should have been blocked What went wrong? The extension was allowed to install when it was on the blacklist. WebStore page: Did this work before? Yes 66.0.3359.203 Chrome version: 65.0.3325.181 Channel: stable OS Version: 66.0.3359.203 Flash Version: 29.0.0.171 The extension will not persist across the account or if the account is removed and re-added.
,
Aug 22
Oh, this was from a Chromebook. I published it on my mac.
,
Aug 22
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 22
,
Aug 22
Checked on Google Chrome: 70.0.3524.2 Platform 10987.0.0 Followed Steps: 1. Added a chrome add on link to url blocking list in Cpanel. (https://chrome.google.com/webstore/detail/screencastify-screen-vide/mmeijimgabbpbgpdklnllpncmdofkcpn) 2. Enrolled device and logged in as a user. 3. Search for the app ("Screencastify") and load the web page. 4. On the app home page, click "Add to Chrome" button and Observe. Observation: Clicking on "Add to Chrome" redirects to error page "chrome.google.com is blocked" Attached screenshots. Please share the website details which helps to check the issue more precisely. Thanks.!
,
Aug 22
Also could you please provide the blacklist policy for blocking the extension.?
,
Aug 28
Ping. Could you please provide the requested details.?
,
Sep 19
chchakrapani: I don't think you are following the repro steps correctly. You are supposed to blacklist the extension itself (i.e. http://www.chromium.org/administrators/policy-list-3#ExtensionInstallBlacklist), not URL-blacklist the extension install URL. Can you try again using an extension blacklist this time?
,
Sep 20
I will retry and update the results ASAP.
,
Oct 1
Checked using yaps and observed the below error dialog upon blocking an extension. "Ooops Screencastify - Screen Video Recorder (extension ID "mmeijimgabbpbgpdklnllpncmdofkcpn" is blocked by the administrator". Attached Screenshot. Please take a look.
,
Nov 30
OK, marking as wontfix due to no repro.
,
Dec 3
It was already fixed in chrome version 70 atwilson@chromium.org |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by rsleevi@chromium.org
, Aug 22Labels: Needs-Feedback