Why Chrome Disable Extensions like a Malware?

[Ozzy Ozbour]

I have found the following message This extension may have been corrupted by malware.

 But it is not a malware! How to enable extensions and why they are disabled without any prompt?

[Reilly Grant]

Extensions are disabled automatically if changes to the extension are detected after it is installed to prevent malware from hijacking trusted extensions. If the extension has been disabled incorrectly please contact the extension author as false-positives are usually a packaging issue that is easy to resolve.

--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/ab407bfe-94ec-424a-b7dd-9cbc1c23553a%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

[Don Schmitt]

In what ways are false positives a "packaging issue"?  Examples?  It doesn't seem right that a false positive could ever be the fault of the extension developer.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/CAEmk%3DMa__fcLEf9BUY5K5ejb-FdiFY_9uZt5%3DZugz54yVvFRhA%40mail.gmail.com.

[roc...@chromium.org]

I don't think it was suggested that the developer is at fault, but rather that there are some bugs in the verification system that can be worked around (until Chrome is fixed) by repackaging the extension.

There are two known outstanding issues:

- If the manifest refers to files with certain path formats (namely using a Unix style shortcut like '.', as in "./foo/bar.js"), verification will fail on Windows hosts and the extension can be wrongfully disabled. This is easily remedied by replacing such paths (e.g. with simply "/foo/bar.js").

- If any part of the extension refers to a resource with the wrong case (as in the CRX contains 'foo.js' but code loads it as 'Foo.js') verification will also fail. It should be noted that such extensions will normally only work on Mac and Windows anyway, so it is probably worthwhile for the extension author to address this.

If neither of these known issues apply to the extension in question, please post more details. What extension is it?


Thanks

Ken

On Monday, September 22, 2014 11:22:19 AM UTC-7, donaddon wrote:
> In what ways are false positives a "packaging issue"?  Examples?  It doesn't seem right that a false positive could ever be the fault of the extension developer.
>
>
> On Sun, Sep 21, 2014 at 2:02 PM, Reilly Grant <rei...@chromium.org> wrote:
>
> Extensions are disabled automatically if changes to the extension are detected after it is installed to prevent malware from hijacking trusted extensions. If the extension has been disabled incorrectly please contact the extension author as false-positives are usually a packaging issue that is easy to resolve.
>
>
>
>
> On Sun, Sep 21, 2014 at 5:49 AM, Ozzy Ozbour <twit...@googlemail.com> wrote:
>
>
> I have found the following message This extension may have been corrupted by malware.
>  But it is not a malware! How to enable extensions and why they are disabled without any prompt?
>
>
>
>
>
>
>
>
>
>
>
>
>

[Ozzy Ozbour]

Extensions are disabled automatically if changes to the extension are detected after it is installed to prevent malware from hijacking trusted extensions. If the extension has been disabled incorrectly please contact the extension author as false-positives are usually a packaging issue that is easy to resolve.

There is not false positive, but false negative or a real-time manipulation. Why Chrome blocks any extension I have installed from the Web Store? 

You can see this on the attached screenshot. AdBlock, AdBlockk Plus, Last Pass with over 20M users is malware? Nonsense.

[Ken Rockot]

Yes these extensions are clearly not malware and in fact they are also not affected by any of the bugs I mentioned.

They are not normally auto-disabled for users, so this may be a strong indication that your PC is in fact infected with malware which is trying to hijack those extensions. This is precisely what Chrome is trying to detect and guard against here.

--
You received this message because you are subscribed to a topic in the Google Groups "Chromium-extensions" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/chromium-extensions/aZ8GrqfBe10/unsubscribe.
To unsubscribe from this group and all its topics, send an email to chromium-extens...@chromium.org.

To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/8bf63ff9-283e-4464-a357-151a92d89ff7%40chromium.org.

[Ozzy Ozbour]

so this may be a strong indication that your PC is in fact infected with malware

No, may PC is not infected by any malware. I'm developer and I clearly know that.

I already know how to reproduce this issue on every PC, but there is one question, 

why Chrome use this solution to disable third party extensions and WontFix this?

[Ken Rockot]

Great, please file a bug report explaining how to reproduce this issue on every PC. (http://crbug.com/new). Thanks!

--

You received this message because you are subscribed to a topic in the Google Groups "Chromium-extensions" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/chromium-extensions/aZ8GrqfBe10/unsubscribe.
To unsubscribe from this group and all its topics, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/f2a69035-a374-4d73-a157-08bd4d0456e1%40chromium.org.

[Ozzy Ozbour]

Thanks Ken, this is already know bug with the status WontFix?

Extension Content Verification

[Don Schmitt]

Ken, thanks for the clarification and the details about the known issues.

>>>> What extension is it?

We are getting a few customer reports that we haven't isolated...will hit crbug.com if we can reproduce.

Thanks,

 - Don

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/5d09f0fb-dec6-4ea8-afbb-cce0e60d8595%40chromium.org.

[Antony Sargent]

That bug (388200) was from a while back when the code wasn't at all working yet - people seemed to have discovered the command line flags to turn it on and were trying it out, but we weren't ready for bug reports yet because it was expected that it wasn't working at that time. 

It is now working in most cases as far as we know (modulo the bugs Ken mentioned), but we're interesting in hearing about and fixing any other bugs. 

On Mon, Sep 22, 2014 at 1:48 PM, Ozzy Ozbour <twit...@googlemail.com> wrote:

Thanks Ken, this is already know bug with the status WontFix?

Extension Content Verification

--

You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/0202c32b-9967-4ae4-b8b5-2f686f676129%40chromium.org.