Suspicious Google Login Window Pop-Up after starting Brave

Browser Support Desktop Support
1

Hi. I got a suspicious pop-up window every time I start Brave browser (this is the 10th time). My computer was used by my brother but I haven’t seen any significant changes lately.

The pop up (popup window name: Confirm Permission) shows a google login page where it shows:
## Error 400: invalid_request
Custom scheme URI not allowed.

Here’s a brief screenshots of the pop up window icon (which was separated from brave but still in one process), my chrome extensions, and I noticed a process running behind brave browser called kantu-file-access-host.exe (32bit)

Sus Popup
Sus Popup1024×768 15.6 KB

This is the popup (above) the sus icon << along with the icon from taskbar
kantu what
kantu what850×470 73 KB

This is the screenshot of windows task manager, noticed there’s kantu process
All my Ext
All my Ext844×860 82 KB

This is my extension lists, I think NewTab extension was not there before, anyone have this extension too? (I just deleted it during writing this thread)

Brave task manager
Brave task manager1334×1040 128 KB

This is brave task manager
Does anyone ever experiencing this?
PS: Hope the screenshot helps.

2

Hi

The Kantu file is a module needed by UI vision extension (automation desktop)
https://ui.vision/rpa/x/download

If not installed willingly, delete it. It is located at %AppData%\UI.Vision\XModules (as in image).

kantu
kantu838×425 29.4 KB

For the 400 error, try opening a private window CTRL+SHIFT+N; If no problem, then one of your extension might be causing the issue.

3

Remove Google Keep Chrome Extension and this login screen should stop appearing.

4

Yes. I got this exact situation on two separate computers with Brave yesterday.

I don’t have the Google Keep extension installed.

I got rid of the popup by uninstalling and reinstalling Brave on both computers, but be sure and delete your browsing data too. One one computer I didn’t delete it and the popup came right back. This suggests that just deleting your browsing data might do the trick.

Why is this happening to both of us now?

1 Like
5

Update:

I already do the following:

  1. Removing Google Keep Chrome Extension
  2. Removing other “corrupted” extensions as my browser identified

I still got the pop-up. Also, I noticed some of my accounts across social media has already been breached (Twitter and Google so far).

I think Brave need to integrate some security countermeasures around it’s extension manager and password manager.

6

Brave tried to implement third party Google authentication, that change might have cause it and if so, there’s nothing you can do about it.

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.