chrome.extension not available when called from extension scripts in Chromium but works on Chrome

Bug #1232575 reported by Nell Hardcastle on 2013-09-28
176
This bug affects 34 people
Affects Status Importance Assigned to Milestone
Chromium Browser
Unknown
Unknown
chromium-browser (Ubuntu)
High
Chad Miller

Bug Description

When I updated to 13.10 and Chromium 29.0.1547.65-0ubuntu2, a few extensions stopped working properly. The easiest to reproduce is Reddit Enhancement Suite 4.3.0.1, it immediately fails on loading the extension with this error:

chrome.extension is not available: 'extension' is not allowed for specified context type content script, extension page, web page, etc.). [VM] binding (22):427

Following from anywhere that called chrome.extension.sendMessage or chrome.extension.onMessage in the extension. Chromium's own bug tracker says this usage is deprecated (replaced by chrome.runtime namespace which does work) but testing against Chrome 29.0.1547.76 on the stable channel, the older namespace works correctly with the extensions.

chromium-browser:
  Installed: 29.0.1547.65-0ubuntu2
  Candidate: 29.0.1547.65-0ubuntu2
  Version table:
 *** 29.0.1547.65-0ubuntu2 0
        500 http://mirrors.cat.pdx.edu/ubuntu/ saucy/universe amd64 Packages
        100 /var/lib/dpkg/status

Saikrishna Arcot (saiarcot895) wrote :

If it is deprecated in Chromium, then most likely, Chrome is keeping that part in so that extensions will continue to work while their developers work on updating the extensions.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed
Leon (leonbo) wrote :

I have this same problem. A LOT of extensions broke.

Nell Hardcastle (nell.h) wrote :

I've also found at least one API that isn't deprecated not working on this build of Chromium. chrome.extension.inIncognitoContext is in the most current Chromium API but since the whole namespace is missing in extensions, it doesn't work either.

Saikrishna Arcot (saiarcot895) wrote :

On 31.0.1650.4, I am able to install and run Reddit Extension Suite without it crashing on load, and am able to open reddit.com without any crashes. That being said, I'm not sure what it's supposed to do, so I can't gauge as to whether the extension is working or not (I've never used Reddit before).

That being said, there are error messages saying "manifestTypes: Allowing web_page contexts requires supplying a value for matches.", but that's a Chromium 31 bug.

Saikrishna Arcot (saiarcot895) wrote :

Can anyone else post extensions that broke in Chromium 29? I think I know where the bug lies (somewhat), but I need to confirm this.

Peter Wang (blinxwang) wrote :

XKit and PDF-JS both crash due to the same bug.

Saikrishna Arcot (saiarcot895) wrote :

XKit does crash, but the output message refers to being unable to convert null, not the chrome.extension error. I'm going to go on a limb and say that the chrome.extension error might have the same cause as the other error.

Chad Miller (cmiller) wrote :

Whoa. I get crash with this, but no crash without it.

Chad Miller (cmiller) wrote :

That is, all patches applied, except for any webapps patches, get no crash. With this stripped-down "4" patch, crash

[2121:2121:1011/172215:INFO:CONSOLE(279)] "Content script: Base content script, started on url: http://boards.4chan.org/s/", source: chrome-extension://pmoflmbbcfgacopiikdcpmbiellfihdg/base-content-script.js (279)

[2121:2121:1011/172215:INFO:CONSOLE(0)] "chrome.extension is not available: 'extension' is not allowed for specified context type content script, extension page, web page, etc.).", source: http://boards.4chan.org/s/ (0)
[9:9:1011/172215:WARNING:console.cc(163)] Could not log "(CONTENT_SCRIPT context for cellaaeoekimmemgdheibaibbaoeefbl) lastError:48: Uncaught TypeError: Cannot convert undefined or null to object{TypeError: Cannot convert undefined or null to object
    at Object.clear (lastError:48:24)
    at sendRequest:80:64
    at Array.forEach (native)
    at Function.target.(anonymous function) (extensions::SafeBuiltins:19:14)
    at handleResponse (sendRequest:80:12)}": no context given

The attachment "a cause, not fix" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Chad Miller (cmiller) on 2013-10-12
tags: removed: patch
Chad Miller (cmiller) on 2013-10-14
Changed in chromium-browser (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Chad Miller (cmiller)
MilkBoy (michael-wikberg) wrote :

Tampermonkey is also affected..

Florent Mertens (givre) wrote :

A lot of extenions are affected! If this is due to a ubuntu patch, it's would be good that this get fix ASAP. Thanks.

SteBo (stebo) wrote :

AdBlock, Magic Actions for YouTube and SABconnect++ are also affected.

Peter Wang (blinxwang) wrote :

Well, the Chromium folks have marked the bug as WontFix...

What is to be done from here?

Peter Wang (blinxwang) wrote :

On more recent inspection, this bug seems to be all but fixed in the latest dev-channel build of Saikrishna Arcot's PPA! All previously broken extensions now work!

Saikrishna Arcot (saiarcot895) wrote :

That's because I disabled that patch until the patch is fixed.

Saikrishna Arcot (saiarcot895) wrote :

Peter (and anyone else on my Chromium Dev PPA),

In about 1-1 1/2 hours, there should be a new build ready for Raring and Saucy amd64. Can you test this version to see if any errors occur (w.r.t. the chrome.extension not available or null object)?

Peter Wang (blinxwang) wrote :

The latest build is working fine. None of the extensions I use crash or malfunction, and no extension errors are being thrown.

Saikrishna Arcot (saiarcot895) wrote :

Perfect. I found the fix; it was most likely a syntax/parsing error in extension.json which then probably caused the entire file to not be read.

Instead of the following lines:
+ "name": "isChromelessWindow",
+ "type": "function",
+ "unprivileged": true,
+ "description": "Checks is a given extension runs part of a chromeless window.",

use the following lines:
+ "name": "isChromelessWindow",
+ "nocompile": true,
+ "nodoc": true,
+ "type": "function",
+ "description": "Checks is a given extension runs part of a chromeless window.",

We don't have docs in the docs folder, and I'm not sure what nocompile does.

OS: Ubuntu 13.10
Affected package: chromium-browser (29.0.1547.65-0ubuntu2)

The following addons are affected by this issue as well: Adblock, iReader, SlickRSS and Flashblock, which are all of my installed addons.

Since I'm relying on Google Sync and it seems a bit risky to me to switch over to development builds, I didn't test the fix above. This should get fixed in Ubuntu's repositories.

Chad Miller (cmiller) on 2013-10-23
Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Committed
Chad Miller (cmiller) on 2013-10-25
Changed in chromium-browser (Ubuntu):
importance: Undecided → High

OS: Ubuntu 13.10

Issue is fixed in 30.0.1599.114-0ubuntu1~cm0saucy, waiting now for the update to appear in Ubuntu's repositories.

Petar Sredojevic (perosredo) wrote :

The patched v30 can be grabbed from the Ubuntu Mozilla Security repos as it still hasn't appeared in the main repo - and is essentially a showstopper.

http://www.ubuntuupdates.org/ppa/ubuntu_mozilla_security?dist=saucy

Forest (foresto) wrote :

Is there any indication of when it will appear in a saucy repo? I don't see it in -proposed.

Launchpad Janitor (janitor) wrote :
Download full text (3.1 KiB)

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.13.10.2

---------------
chromium-browser (30.0.1599.114-0ubuntu0.13.10.2) saucy-security; urgency=low

  * Test the compiler for "-m32" support as the canonical test of support.
    Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.13.10.1) saucy-updates; urgency=low

  * New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches. Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail. (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now. More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.
 -- Chad MILLER <email address hidden> Sun, 27 Oct ...

Read more...

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.