Brave desktop periodically removes EditThisCookie extension without warning

Note: I’ve created this same issue in the GitHub repo for EditThisCookie. Perhaps between there and here, it will be possible to solve this. https://github.com/ETCExtensions/Edit-This-Cookie/issues/361


Description of the issue:

Brave desktop periodically removes the EditThisCookie extension without warning

How can this issue be reproduced?

  1. Install EditThisCookie Chrome extension https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg
  2. Pin the extension so you can see that it’s present
  3. Wait a few days
  4. Observe: The extension is randomly removed - uninstalled, not just unpinned
  5. Observe: If the extension is reinstalled, it returns to the pinned position. Brave remembers what position it was in.

Expected result:

Expected: Extension remains in place

Brave Version (check About Brave):

Version 1.57.53 Chromium: 116.0.5845.114 (Official Build) (x86_64)

Additional Information:

This happens on Mac, Windows, and Linux. Sync is enabled on the profiles, if this makes a difference.

This isn’t a recent regression, it’s been happening for an unknown amount of time. Every month or two I go to use the extension and find it missing.

The issue happens across multiple browser profiles. i.e., I have multiple Brave browser profiles for work, personal, games, etc.

@mcgroarty It might be part of your security settings. I went to comb through the internet to see if I found anyone else experiencing this issue, especially using other Chromium browsers. One of the early things I found was where Google’s Bard provided the information below:

Of course, the key thing I was seeing is where it mentioned that it’s a malicious extension that can pose a risk.

And as I looked, I found sites like https://gologin.com/blog/best-cookie-editor#3_EditThisCookie which seemed to speak the same way a bit:


That said, if you have protection on (which is default in Brave), I’m wondering if that could lead to it?

This is just random thought(s) for now. Keep in mind I’m just another user. I’m going to tag in @Mattches in hopes he’ll see your topic and might have some more answers on why the extension might be vanishing without any notice.

Oh, and @mcgroarty, I also want to make sure, nothing else but this extension disappears from your browser? You’re not losing any passwords, bookmarks, other extensions or anything else?

Guess just also sitting here wondering if any external programs like an Avast Cleaner or CCleaner might remove, or if you had antivirus programs that might be catching and removing. They still could play a role in this, but if it’s the former would expect more than just one extension to disappear. If it’s the latter, it’s still a possibility. But yeah…

Thank you. Every cookie editor I’ve seen has had some articles that warn about the risks of granting cookie access. I chose this one because it’s open source, has very simple source code, and it’s easy to compare against the version published through Google. That it hasn’t been updated since 2020 means the version I compared against the public source repository is still current. That’s given me reasonable comfort.

The Safe Browsing setting in Brave indicates that I should receive a warning if it detects something dangerous. But maybe someone else knows something different.

Also, if someone wants to suggest a better extension or approach, the main functionality I use this extension for is wiping all the cookies from the current domain. That’s particularly useful for troubleshooting, and having it all available on a single menu click saves a lot of time.

Pretty sure that exists automatically here on Brave. Just click on the lock icon in your search/URL bar (like image to left) and then you can click to see the cookies being used. It shows up like below:

You’d just hit the trash icon and that domain’s cookies would be deleted.

And if you’re using Shields, should be blocking cross-site cookies and all. But again, maybe I’m misunderstanding. I’m assuming Mattches should see this tomorrow or early in the week and have some details on both aspects of what’s been talked about here.

To be honest I’m not entirely clear on why the extension is removing itself and I’m also not convinced it’s Brave. If I understand correctly, no other extensions are being removed right? If so, I would be curious to see if this extension deletes itself in other browsers (specifically Chromium based ones).

Additionally, as @Saoiray mentions, something like CCleaner or a similar software would explain how this could be happening but it would be weird if it was deleting that specific extension and not catching anything else in the process.

@Mattches I spent a while last night and this morning banging on this. I’ve confirmed I can reproduce this between two virgin Windows 10 VMs with nothing but the default desktop and Brave installed. I then tried two virgin Debian 10 VMs with nothing but the default desktop and Brave installed. I’m using a completely new profile and sync chain containing only the two machines for the test in both cases. There’s no anti-malware or cleanup software installed, save whatever Windows activates by default.

  • Create a new profile on the two VMs
  • Install any extension, EditThisCookie, and any other additional extension on the first VM. Pin each extension after installing it so EditThisCookie is between the other two extensions.
  • Create a sync chain on the first VM, and select the option to sync everything
  • Create a new profile on the second VM
  • Join the sync chain from the second VM, and select the option to sync everything

Observe: Only the first and third extensions are installed as part of the sync to the second VM. EditThisCookie is skipped. If EditThisCookie is later installed manually, it appears between the other two extensions, indicating that Brave did sync some metadata about the extension; Brave knows that the EditThisCookie extension should be the second of three items.

Expected: All three sync.

I tested this with Chrome sync and Chrome was able to sync EditThisCookie.

Speculating: The original symptom I saw was the extension disappearing. Maybe when the extension fails to sync to a new machine, the absence of that extension is later sent back on the sync chain, causing removal from other machines? Or perhaps it never synced in the first place, and I didn’t notice until I went to use the extension.

@mcgroarty,
I think your speculation here may be correct. Can you confirm whether or not the extension is removed under the same conditions but without Sync being enabled?

I’m not sure how I’d test that, short of creating a non-sync profile and waiting a few weeks. Repeatedly launching and quitting isn’t triggering a removal.

Whatever the case, the above issue with the initial sync would appear to be easily reproducible and broken behavior. Maybe it’s worth filing a bug on that, then waiting to see if the extension vanishes again once a fix for that is out?

@mcgroarty,
Reaching out to some of our Sync folks who can clarify if this specific behavior is expected (even if wonky) or a bug and to see if we can get it fixed either way.

@mcgroarty, @Mattches

the absence of that extension is later sent back on the sync chain, causing removal from other machines?

This is true.
If you set up a sync chain of 2 PCs, enable extension sync, install the extension on both and then manually remove the extension on one of them - it will be deleted on the other.

But I still don’t understand why in your case the extension gets removed on the first PC.

I found a second extension that exhibits this same behavior:

I’ve tried 40 extensions so far, and so far only EditThisCookie and The Camelizer fail to install when synced to a new machine. I can’t find any commonalities between the two that aren’t shared by at least some of the other extensions.

@Mattches Did the sync team have any observations?

Still an issue. Is there a way to confirm it’s been added to the dev issue tracker?

No, it hasn’t. You can search yourself over at https://github.com/brave/brave-browser/issues and could always try to create an issue if you’d like. The large issue here is the idea that, to this point, you are the only one reporting this as an issue.

As to whether it can be replicated, I haven’t tested and I’m not sure if anyone is willing. I hate to say it that way and maybe isn’t completely fair, but just is me being direct/blunt. Not sure if @Mattches can respond as to whether he or anyone at Brave has tried to replicate it using the extensions and all via Sync.

My direct advice to you, @mcgroarty, would be to see if you can find others with the issue. More people experiencing the same problem and able to provide information makes it easier to recognize what’s going on and arrive at a fix. Otherwise it can be very time consuming and tends to be a lower priority compared to things impacting people on a greater scale.

Hello,

It is still unclear why it happens.
I have created an issue https://github.com/brave/brave-browser/issues/33562 to keep it tracked.

Thanks
