Suspicious Google Login Window Pop-Up after starting Brave

Hi. I got a suspicious pop-up window every time I start Brave browser (this is the 10th time). My computer was used by my brother but I haven’t seen any significant changes lately.

The pop up (popup window name: Confirm Permission) shows a google login page where it shows:
## Error 400: invalid_request
Custom scheme URI not allowed.

Here’s a brief screenshots of the pop up window icon (which was separated from brave but still in one process), my chrome extensions, and I noticed a process running behind brave browser called kantu-file-access-host.exe (32bit)

This is the popup (above) the sus icon << along with the icon from taskbar

This is the screenshot of windows task manager, noticed there’s kantu process

This is my extension lists, I think NewTab extension was not there before, anyone have this extension too? (I just deleted it during writing this thread)

This is brave task manager
Does anyone ever experiencing this?
PS: Hope the screenshot helps.


The Kantu file is a module needed by UI vision extension (automation desktop)

If not installed willingly, delete it. It is located at %AppData%\UI.Vision\XModules (as in image).

For the 400 error, try opening a private window CTRL+SHIFT+N; If no problem, then one of your extension might be causing the issue.

Remove Google Keep Chrome Extension and this login screen should stop appearing.

Yes. I got this exact situation on two separate computers with Brave yesterday.

I don’t have the Google Keep extension installed.

I got rid of the popup by uninstalling and reinstalling Brave on both computers, but be sure and delete your browsing data too. One one computer I didn’t delete it and the popup came right back. This suggests that just deleting your browsing data might do the trick.

Why is this happening to both of us now?

1 Like


I already do the following:

  1. Removing Google Keep Chrome Extension
  2. Removing other “corrupted” extensions as my browser identified

I still got the pop-up. Also, I noticed some of my accounts across social media has already been breached (Twitter and Google so far).

I think Brave need to integrate some security countermeasures around it’s extension manager and password manager.

Brave tried to implement third party Google authentication, that change might have cause it and if so, there’s nothing you can do about it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.