(potentially) malicious/unwanted brave PID with weird and long command line parameter statements firing up

Description of the issue: Brave is fired up in multiple processes, each with variously complex command line parameters set, when I try to kill one or more of these, the “main” (as in the one I am viewing/using) window remains unaffected (as in it does not close/end), when I use TCPView to kill ALL of the Brave PID’s with active/established TCP sessions, the current brave window I’m in still doesn’t close…

Steps to Reproduce (add as many as necessary):
1. Launch brave, alternatively sometimes these new brave PID’s are launched also when I go to a different website/url

Actual Result (gifs and screenshots are welcome!):




Expected result:
““C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe” --incognito”
(I would have expected to see this only?)

Reproduces how often: Every single time/always

Operating System and Brave Version(See the About Brave page in the main menu):
WIN10 10.0.19041
Version 1.14.81 Chromium: 85.0.4183.102 (Official Build) (64-bit)
(brave says I’m up to date)

Additional Information:

PID’s entire command line parameters:

6816 from the first screenshot:

“C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe” --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1704,6632401261051325643,18002332344290567161,131072 --enable-features=AutoupgradeMixedContent,DnsOverHttps,LegacyTLSEnforced,MixedContentSiteSetting,OmniboxContextMenuShowFullUrls,PassiveMixedContentWarning,PasswordImport,PrefetchPrivacyChanges,ReducedReferrerGranularity,WebUIDarkMode,WinrtGeolocationImplementation --disable-features=AllowPopupsDuringPageUnload,AutofillEnableAccountWalletStorage,AutofillServerCommunication,NotificationTriggers,PasswordCheck,PrivacySettingsRedesign,SafeBrowsingEnhancedProtection,SmsReceiver,TabHoverCards,TextFragmentAnchor,VideoPlaybackQuality --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=3180 /prefetch:8


5172 from the second screenshot:

“C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe” --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1704,6632401261051325643,18002332344290567161,131072 --enable-features=AutoupgradeMixedContent,DnsOverHttps,LegacyTLSEnforced,MixedContentSiteSetting,OmniboxContextMenuShowFullUrls,PassiveMixedContentWarning,PasswordImport,PrefetchPrivacyChanges,ReducedReferrerGranularity,WebUIDarkMode,WinrtGeolocationImplementation --disable-features=AllowPopupsDuringPageUnload,AutofillEnableAccountWalletStorage,AutofillServerCommunication,NotificationTriggers,PasswordCheck,PrivacySettingsRedesign,SafeBrowsingEnhancedProtection,SmsReceiver,TabHoverCards,TextFragmentAnchor,VideoPlaybackQuality --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=4304 /prefetch:8


4788 from the third screenshot:

“C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe” --type=renderer --field-trial-handle=1704,6632401261051325643,18002332344290567161,131072 --enable-features=AutoupgradeMixedContent,DnsOverHttps,LegacyTLSEnforced,MixedContentSiteSetting,OmniboxContextMenuShowFullUrls,PassiveMixedContentWarning,PasswordImport,PrefetchPrivacyChanges,ReducedReferrerGranularity,WebUIDarkMode,WinrtGeolocationImplementation --disable-features=AllowPopupsDuringPageUnload,AutofillEnableAccountWalletStorage,AutofillServerCommunication,NotificationTriggers,PasswordCheck,PrivacySettingsRedesign,SafeBrowsingEnhancedProtection,SmsReceiver,TabHoverCards,TextFragmentAnchor,VideoPlaybackQuality --disable-databases --lang=en-US --extension-process --enable-auto-reload --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10270118121161726252 --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1


3560 from the fourth screenshot:

“C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe” --type=renderer --field-trial-handle=1704,6632401261051325643,18002332344290567161,131072 --enable-features=AutoupgradeMixedContent,DnsOverHttps,LegacyTLSEnforced,MixedContentSiteSetting,OmniboxContextMenuShowFullUrls,PassiveMixedContentWarning,PasswordImport,PrefetchPrivacyChanges,ReducedReferrerGranularity,WebUIDarkMode,WinrtGeolocationImplementation --disable-features=AllowPopupsDuringPageUnload,AutofillEnableAccountWalletStorage,AutofillServerCommunication,NotificationTriggers,PasswordCheck,PrivacySettingsRedesign,SafeBrowsingEnhancedProtection,SmsReceiver,TabHoverCards,TextFragmentAnchor,VideoPlaybackQuality --disable-databases --lang=en-US --enable-auto-reload --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10270118121161726252 --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1


Since I would have assumed that when killing a process, especially if that PID shows per TCPView that it’s established a session to an IP address that has nothing to do with the website/url I’m visiting, would have gotten “killed” or “ended” when I terminate it in task manager, I am afraid if by any chance my brave hasn’t been modified maliciously via registry entries or something - The sheer length and complexity of the individual “child” PID’s scare me, to be honest - My question therefore is if this is normal behaviour and if it is, is there any way for me to verify/rule out malicious behaviour by any chance, please? (namely, I’m worried someone may be spying on me via these)

Also, another question I have is - what do “--type=renderer” and “--type=utility” parameters mean?
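One way to triage command lines like those quoted in the post, added here as an example (it is not part of the original post and not Brave's own tooling): it reads each line's `--type` (absent for the main browser process, `renderer` for page or extension content, `utility` for a helper service named by `--utility-sub-type`), compares the image path with the install path given in the post, and flags a shortlist of switches. The function names, the `REVIEW_SWITCHES` shortlist and the last sample line are assumptions of this example.

```python
import re

# Install path as quoted in the post. REVIEW_SWITCHES is this example's own shortlist
# (an assumption) of real Chromium switches that weaken isolation or redirect traffic.
EXPECTED_IMAGE = r"C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
REVIEW_SWITCHES = {"no-sandbox", "remote-debugging-port", "load-extension",
                   "proxy-server", "disable-web-security"}

def parse(cmdline):
    """Split a command line with a quoted image path into (image, {switch: value})."""
    m = re.match(r'\s*["“”]+(.+?)["“”]+\s*(.*)$', cmdline)
    if not m:
        raise ValueError("expected a quoted image path")
    image, rest = m.groups()
    switches = dict(t[2:].partition("=")[::2] for t in rest.split() if t.startswith("--"))
    return image, switches

def triage(cmdline):
    """Return (role, findings) for one brave.exe command line."""
    image, sw = parse(cmdline)
    ptype = sw.get("type")
    if ptype is None:
        role = "browser (main process)"       # no --type: the process that owns the windows
    elif ptype == "renderer":                  # process running page or extension content
        role = "renderer (extension)" if "extension-process" in sw else "renderer (page content)"
    elif ptype == "utility":                   # helper service, named by --utility-sub-type
        role = "utility: " + sw.get("utility-sub-type", "unspecified")
    else:
        role = ptype
    findings = []
    if image.lower() != EXPECTED_IMAGE.lower():
        findings.append("unexpected image path: " + image)
    findings += ["review switch --" + s for s in sorted(REVIEW_SWITCHES & sw.keys())]
    return role, findings

BRAVE = '"' + EXPECTED_IMAGE + '"'
# Shortened from the command lines in the post; the "constructed" entry is made up.
SAMPLES = {
    "6816": BRAVE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=network /prefetch:8",
    "5172": BRAVE + " --type=utility --utility-sub-type=audio.mojom.AudioService --service-sandbox-type=audio /prefetch:8",
    "4788": BRAVE + " --type=renderer --lang=en-US --extension-process --renderer-client-id=5 /prefetch:1",
    "3560": BRAVE + " --type=renderer --lang=en-US --renderer-client-id=18 /prefetch:1",
    "expected": BRAVE + " --incognito",
    "constructed": r'"C:\Users\Public\brave.exe" --type=utility --no-sandbox',
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(label, *triage(line), sep=" | ")
```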
