Hi all,
We recently published a new version of the Extension Update Testing Tool which fixes a security vulnerability that was reported to us.
The tool is intended as a development tool and the exploit was only possible while the tool was running. However, as it allows arbitrary files to be written to the system by a malicious site, we encourage you to update as soon as possible.
As part of this fix, you must now always package your extension into a zip file before uploading it in the tool. Previously, we supported uploading a directory, but this had known limitations (it can be slow for large extensions) and used custom logic which was harder to maintain.
You can read the full report on GitHub. Thank you to Andrew Ridings in the community for reporting this and working with us to verify the fix.
Thanks,
Oliver on behalf of Chrome Extensions DevRel