Chrome extensions are generally available in Brave, at the user's risk. These are not reviewed by Brave and users should be cautious.
The Safe Browsing bad extension list comes from Google and is used to protect users in Brave (unless they have opted out of Safe Browsing protection via the appropriate setting in brave://settings/security
).
In order to test that the extension blocklist portion of Safe Browsing is working in Brave, you'll need to create a special build of Brave and a local proxy like mitmproxy.
Here are the full instructions:
-
Get a local Brave checkout.
-
Apply this patch.
-
Install mitmproxy and install its certificate authority in Brave.
-
Start mitmproxy in a terminal:
mitmproxy --mode socks5 --listen-port 9000
-
Start Brave in proxied mode and with the newly-added command-line parameter:
npm run start -- --proxy-server="socks5://localhost:9000" --safebrowsing-manual-extension-blocklist=jknemblkbdhdcpllfgbfekkdciegfboi
-
Make sure that the
ChromeExtMalware
list inbrave://safe-browsing/#tab-db-manager
was downloaded successfully and has a non-zero size. -
Go to the Chrome Web Store to install this manually-flagged extension.
Among the many requests, you should see a POST
request to safebrowsing2.brave.com
. If it's a 200, then it was successful and the extension should be disabled and flagged as malware in the UI (look in brave://extensions
).