Status Update
No update yet.
Comments
su...@google.com
Observed that, Chrome Web Store corrupts extension
This is a Non-Regression issue since M124
Please find the screencast attached.
Notes :
1.Issue able to repro on Stable #134.0.6998.166, Beta #135.0.7049.28, Dev #136.0.7081.2 and Canary #136.0.7088.0
2.As this being a Non-Regression issue, changing the status to Untriaged so that the issue would get addressed.
3.Issue is repro on Windows and Linux.
Thanks!!
zw...@google.com
I was able to repro and did some initial investigation into this:
- Checked various logs while repro'ing - the main interesting one was this
[...:VERBOSE1:extensions/browser/content_verifier/content_verify_job.cc:334] job failed for apjcbfpjihpedihablmalmbbhjpklbdf filters/declarative/ruleset_10/ruleset_10.json reason:4
(not sure if content verification would've failed for other files too but stopped early because of this one.)
-
Installed the ext locally, verified it was corrupted, then compared
_metadata/verified_contents.json(generated by CWS) withcomputed_hashes.json, manually combining the block hashes fromcomputed_hashes.jsonfor the affected file. I confirmed that the root hash matched the one inverified_contents.json. -
Added some logs on CWS' end locally to see the individual block hashes as the tree hash was being computed for
verified_contents.json. I confirmed they matched the block hashes incomputed_hashes.json. -
Added some logs to a local Chrome instance to trace exactly where the content verification failure is happening, which seems to be
here computed_hashes.jsonwhile the actual hash was something different (couldn't figure out where it came from).
Anyway, at this point I'm not too sure how to proceed. I'm wondering if it's possible that filters/declarative/ruleset_10/ruleset_10.json is getting modified by Chrome or something else before/during/after content verification?
Description
Steps to reproduce the problem
Problem Description
We have thoroughly investigated this issue and determined that the Chrome Web Store (CWS) itself appears responsible for incorrectly signing our extension, causing corruption. The original version we uploaded to CWS does not result in any corruption issues when installed locally.
We reached out to the One Stop Support team, but they did not acknowledge that the problem originates from CWS and directed us here instead.
Our Case ID: 8-0044000038757
Additional detail that might be helpful - Removing the _metadata directory from the downloaded (CWS-signed) build completely resolves the corruption issue.
Additional Comments
To help diagnose and resolve this issue, we are attaching two versions of the extension: • Original version: The exact package we submitted to CWS for review -https://drive.google.com/file/d/1YrpQv_zF9bQjVEtN_Z6DswoBejGi8CtL/view?usp=sharing
• Signed version: The version that was published by CWS and is now corrupted - https://drive.google.com/file/d/1zwMlSVBW0YI7M3sw8zAaPQ7Anzp0Y28Q/view?usp=sharing
Summary
Chrome Web Store corrupts extension
Custom Questions
Which component does this fall under?
Not sure - I don't know
Does this work in other browsers?
Yes - This is just a Chrome problem
Additional Data
Category: API
Chrome Channel: Stable
Regression: N/A