Bug 226184

Summary: www/chromium: increase requests quota for Google API Key
Product: Ports & Packages Reporter: Jan Beich <jbeich>
Component: Individual Port(s)Assignee: freebsd-chromium (Nobody) <chromium>
Status: Closed FIXED    
Severity: Affects Only Me CC: cpm, rene
Priority: --- Keywords: needs-qa, security
Version: LatestFlags: bugzilla: maintainer-feedback? (chromium)
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233095

Description Jan Beich freebsd_committer freebsd_triage 2018-02-24 19:39:32 UTC
www/chromium and www/firefox share Google API Key. Both browsers switched to Safe Browsing V4 which has restrictions on usage. In order for FreeBSD users to be warned about phishing sites someone has to contact Google in order to increase quota. Mozilla reached out to us sometime ago but it turned out rene@ doesn't control the key.

https://www.google.com/chrome/browser/privacy/whitepaper.html#malware
https://developers.google.com/safe-browsing/v4/usage-limits

Demos:
http://testsafebrowsing.appspot.com/
http://phishing.safebrowsingtest.com/
http://malware.testing.google.test/testing/malware/
Comment 1 Jan Beich freebsd_committer freebsd_triage 2018-02-24 19:40:00 UTC
Carlos, do you know how to debug Safe Browsing in Chromium? Here's an example from Firefox:
http://docs.freebsd.org/cgi/mid.cgi?4lps-lr7b-wny
Comment 3 Jan Beich freebsd_committer freebsd_triage 2018-02-24 20:29:28 UTC
Nowadays, phishing sites are more popular than malware sites.
https://transparencyreport.google.com/safe-browsing/overview
Comment 4 Jan Beich freebsd_committer freebsd_triage 2018-02-24 21:55:43 UTC
To be specific, Safe Browsing V4 was enabled in Chromium 62 and Firefox 57 (56 was staged rollout).

https://chromium.googlesource.com/chromium/src/+/550e314e8fc7%5E%21/
https://hg.mozilla.org/mozilla-central/rev/b7f1511115e9
Comment 5 Jan Beich freebsd_committer freebsd_triage 2018-02-24 22:29:38 UTC
Mozilla has more useful links: https://wiki.mozilla.org/Security/Safe_Browsing#QA
I've tried a few URLs from Phishtank and Firefox 58 with Arch Linux key and Firefox 52.6 with FreeBSD key (unused) correctly report those as deceptive.
Comment 6 Carlos J. Puga Medina freebsd_committer freebsd_triage 2018-02-25 21:44:55 UTC
(In reply to Jan Beich from comment #1)

René can shed some light here :-)

https://lists.freebsd.org/pipermail/freebsd-gecko/2017-September/007589.html

Here are some useful links:

https://developers.google.com/safe-browsing/v4/get-started
https://github.com/google/safebrowsing
Comment 7 Carlos J. Puga Medina freebsd_committer freebsd_triage 2018-02-25 21:55:14 UTC
(In reply to Carlos J. Puga Medina from comment #6)

According to the chromium's commits history, George Liaskos submitted the FreeBSD API key.

https://www.freshports.org/commit.php?category=www&port=chromium&files=yes&message_id=201306031755.r53HtCbv000642@svn.freebsd.org
Comment 8 Rene Ladan freebsd_committer freebsd_triage 2018-02-25 22:03:07 UTC
The API key is the one listed in the www/chromium Makefile: api-project-996322985003
Comment 9 Jan Beich freebsd_committer freebsd_triage 2018-02-27 21:45:33 UTC
Works fine now. Reopen if it doesn't.