Description of the issue:
I was using the Nano Defender browser extension on Brave. Its Chrome Web Store page was here (currently leads to a 404 not found error page). I’ve just recently launched Chrome which also has this extension installed, it gave me a notification that this extension has been disabled and that it contains malware. Upon further research, I found out that Nano Defender was removed from the Chrome Web Store and marked as malware days ago. More info in this article: Google removes two Chrome ad blockers caught collecting user data
There is no similar warning for Brave nor did it disable Nano Defender, despite me using Brave daily. I even tried updating my Brave extensions. I believe this is a major privacy and security issue.
Steps to Reproduce (add as many as necessary): 1. 2. 3.
Not easily reproducible
- Install an extension from the Chrome Web Store for both Brave and Chrome
- Find out that it has later been marked as malware and removed from the Chrome Web Store
- Notice that Chrome will give a notification that this extension has been disabled and will mark it as containing malware. Brave will not do the same and will keep the extension enabled with no mark of it being malware.
Actual Result (gifs and screenshots are welcome!):
Brave does nothing, no notifications, no marking, nor did it disable the malware extension.
To be like what Chrome does: notify, disable and mark the extension as malware.
Reproduces how often:
This issue is not easily reproducible, but it has happened to me twice already. In Chrome, where I also had the same extensions installed, I always got a notification that the extension has been disabled and that it contains malware.
Operating System and Brave Version(See the
About Brave page in the main menu):
Brave Version 1.15.76 Chromium: 86.0.4240.111 (Official Build) (64-bit) on Windows 7
I’ve reported a similar issue months ago for another extension marked as malware - to no avail: Brave is not disabling or marking extensions that have been removed from the Chrome Web Store as malware
EDIT: Found out that this was also the same case with the Ratings Preview Bar for YouTube extension, which was also removed from the Chrome Web Store and marked as malware.