Richard Chen (Gerrit)

unread,

Jun 3, 2025, 2:50:04 PM6/3/25

to Anunoy Ghosh, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Attention needed from Anunoy Ghosh

New activity on the change

Open in Gerrit

Related details

Attention is currently required from:

Anunoy Ghosh

Submit Requirements:

Code-Coverage
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Devlin Cronin (Gerrit)

unread,

Jun 5, 2025, 4:31:28 PM6/5/25

to Richard Chen, Devlin Cronin, Oliver Dunk, Anunoy Ghosh, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Attention needed from Anunoy Ghosh, Oliver Dunk and Richard Chen

Devlin Cronin voted and added 3 comments

Votes added by Devlin Cronin

Code-Review

+1

3 comments

Patchset-level comments

File-level comment, Patchset 5 (Latest):

Devlin Cronin . unresolved

Thanks, Richard! LGTM, but let's maybe wait 'til the comments on the doc are resolved to land this, if we want to bundle comms together.

File chrome/browser/extensions/extension_service.cc

Line 417, Patchset 5 (Latest): LOG(WARNING) << "--disable-extensions-except is not allowed in Google "

Devlin Cronin . unresolved

nit: maybe either add:

// Must be --disable-extensions-except, per the CHECK above.

or

DCHECK_EQ(switch_name, switches::kDisableExtensionsExcept);

(The DCHECK basically just serves as documentation, not any additional validation)

File extensions/common/extension_features.cc

Line 205, Patchset 5 (Latest):#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && !BUILDFLAG(IS_CHROMEOS)

Devlin Cronin . unresolved

do we need the !chromeos flag for this one? (I know we did for load-extension, but wasn't sure if there was usage of this switch)

Open in Gerrit

Related details

Attention is currently required from:

Anunoy Ghosh
Oliver Dunk
Richard Chen

Submit Requirements:

Code-Coverage
Code-Review
No-Unresolved-Comments

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Richard Chen (Gerrit)

unread,

Jun 6, 2025, 6:14:49 PM6/6/25

to Devlin Cronin, Oliver Dunk, Anunoy Ghosh, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Attention needed from Anunoy Ghosh and Oliver Dunk

Richard Chen added 3 comments

Patchset-level comments

File-level comment, Patchset 5:

Devlin Cronin . resolved

Thanks, Richard! LGTM, but let's maybe wait 'til the comments on the doc are resolved to land this, if we want to bundle comms together.

Richard Chen

SGTM

File chrome/browser/extensions/extension_service.cc

Line 417, Patchset 5: LOG(WARNING) << "--disable-extensions-except is not allowed in Google "

Devlin Cronin . resolved

nit: maybe either add:
// Must be --disable-extensions-except, per the CHECK above.
or
DCHECK_EQ(switch_name, switches::kDisableExtensionsExcept);
(The DCHECK basically just serves as documentation, not any additional validation)

Richard Chen

Done. thanks for the suggestion!

File extensions/common/extension_features.cc

Line 205, Patchset 5:#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && !BUILDFLAG(IS_CHROMEOS)

Devlin Cronin . resolved

do we need the !chromeos flag for this one? (I know we did for load-extension, but wasn't sure if there was usage of this switch)

Richard Chen

I saw some internal usages but [UMA](https://screenshot.googleplex.com/7GkPq6dqNqk5bNt) shows no usages on ChromeOS so I agree with also restricting on ChromeOs

Open in Gerrit

Related details

Attention is currently required from:

Anunoy Ghosh
Oliver Dunk

Submit Requirements:

Code-Coverage
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Oliver Dunk (Gerrit)

unread,

Jun 12, 2025, 8:14:41 AM6/12/25

to Richard Chen, Devlin Cronin, Anunoy Ghosh, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Attention needed from Anunoy Ghosh and Richard Chen

Oliver Dunk voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Anunoy Ghosh
Richard Chen

Submit Requirements:

Code-Coverage
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Anunoy Ghosh (Gerrit)

unread,

Jun 12, 2025, 9:15:57 AM6/12/25

to Richard Chen, Oliver Dunk, Devlin Cronin, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Attention needed from Richard Chen

Anunoy Ghosh voted and added 1 comment

Votes added by Anunoy Ghosh

Code-Review

+1

1 comment

Patchset-level comments

File-level comment, Patchset 7 (Latest):

Anunoy Ghosh . resolved

LGTM! Thanks Richard!

Open in Gerrit

Related details

Attention is currently required from:

Richard Chen

Submit Requirements:

Code-Coverage
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Richard Chen (Gerrit)

unread,

Jun 12, 2025, 9:16:23 AM6/12/25

to Anunoy Ghosh, Oliver Dunk, Devlin Cronin, Chromium LUCI CQ, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Richard Chen voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Review

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Chromium LUCI CQ (Gerrit)

unread,

Jun 12, 2025, 9:59:00 AM6/12/25

to Richard Chen, Anunoy Ghosh, Oliver Dunk, Devlin Cronin, chromium...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Chromium LUCI CQ submitted the change

Change information

Commit message:

Remove `--disable-extensions-except` switch on Chrome builds

Part of an on-going effort to reduce harm from the malicious
command-line extensions, this CL removes the exploited switch
only on Chrome builds.

Bug: 419530940

Change-Id: Idf67bd3cc2e75b09f76c4e48bbb3a893e3be9037

Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6618546

Commit-Queue: Richard Chen <ric...@google.com>

Reviewed-by: Oliver Dunk <olive...@chromium.org>

Reviewed-by: Anunoy Ghosh <anu...@chromium.org>

Reviewed-by: Devlin Cronin <rdevlin...@chromium.org>

Cr-Commit-Position: refs/heads/main@{#1473020}

Files:

M chrome/browser/extensions/extension_service.cc
M chrome/browser/extensions/extension_service_unittest.cc
M extensions/common/extension_features.cc
M extensions/common/extension_features.h

Change size: S

Delta: 4 files changed, 45 insertions(+), 3 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Anunoy Ghosh, +1 by Oliver Dunk, +1 by Devlin Cronin

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

Remove `--disable-extensions-except` switch on Chrome builds [chromium/src : main]

Richard Chen (Gerrit)

New activity on the change

Related details

Devlin Cronin (Gerrit)

Devlin Cronin voted and added 3 comments

Votes added by Devlin Cronin

3 comments

Related details

Richard Chen (Gerrit)

Richard Chen added 3 comments

Related details

Oliver Dunk (Gerrit)

Oliver Dunk voted Code-Review+1

Related details

Anunoy Ghosh (Gerrit)

Anunoy Ghosh voted and added 1 comment

Votes added by Anunoy Ghosh

1 comment

Related details

Richard Chen (Gerrit)

Richard Chen voted Commit-Queue+2

Related details

Chromium LUCI CQ (Gerrit)

Chromium LUCI CQ submitted the change

Change information