Brave Needs to Stop Contacting Every Website in My Password Manager

Browser Support Desktop Support
,
1

Description of the issue:

Brave does not need to show favicons in Password Manager. It doesn’t need to contact every website in my Password Manager, especially when I’m only looking for one password. The only way to stop Brave from needlessly contacting every website is to quit Brave immediately after I obtain the needed username/password. This activity needs to stop!

How can this issue be reproduced?

  1. Open Password Manager.
  2. Watch Brave contact every website listed in your password manager.
  3. Shake head in disbelief this hasn’t been stopped years ago.

Expected result:

Brave stops contacting every website in password manager.

Brave Version( check About Brave):

Version 1.73.101 Chromium: 131.0.6778.139 (Official Build) (arm64)

2

@fmarier actually hoping you might have some thought on this. Especially thinking about how some are seeing things flagged by like Malwarebytes when they open their Password Manager.

I’m not sure how people are tracking, but I’m guessing there is some sort of call from the browser to all the websites? And if so, could that be any potential safety/security risk by making whatever “call” it’s making to these domains?

Malwarebytes examples are like the three things linked below.

3

@Jagermeister by what method are you using to watch calls from the browser to the website(s)?

4

It looks like it uses the favicon cache rather than making any calls to websites: I just opened Password Manager and 2 of the entries had default grey favicons. I went to the homepage of one of those entries, then reloaded Password Manager and the favicon for that site was displayed.

5

It may be. But I guess also am questioning the idea of how Malwarebytes and all would be triggering the messages it is based on entries in a person’s password manager. There should be something going on. I mean, I doubt Malwarebytes has full access to all our saved passwords and is checking it, otherwise would think its warning would be more specific.

6

General info #1: 1Password includes a setting, that, when enabled, allows 1Password to update the favicons of login-websites. (I leave that switch, disabled.)

General info #2: On iOS devices, Brave Browser randomly changes / flips (back and forth) website favicons to be actual or generic. Occurs for the home screen, and occurs among the bookmarks. (No idea why.)

7

I use Little Snitch.

8

I say that Brave is calling for favicons because why else would Brave call every website in the manager? Nothing else would seem correct.

9

That is correct, it appears to be in order to fetch the favicon data from each site. I’ve opened an issue for this here:

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

12

@Jagermeister @Mythical5th I removed things I used to track requests, but wanted to point out that update that arrived today, 1.175.175, is supposed to have resolved this. I reopened this just to see if you both want to check it out and see if it looks good. If so, we’ll mark Mattches reply with the Github as solution and close this again.

13

@Saoiray
I just got version 1.75.175 Chromium: 133.0.6943.54 (Official Build) (64-bit)

Password manager is working the same way as before for me: passwords for sites I have not visited, which I expect not to have a favicon in the cache, display no favicon. I didn’t do any packet sniffing to see what sites Brave called out to, it’s not in my skillset.

1 Like
14

I updated to 1.75.175 today. (Thanks for letting me know to do so.)

I opened Password Manager and no outgoing connections were requested by Brave.

YAY! Fixed. Thanks for solving this issue!!

1 Like
15

@Jagermeister excellent.

Going to go ahead and close this thread as solved. Appreciate everyone who reported this.

16

Issue fixed with v1.75.175 release: