Kutt Extension has been flagged and disabled by Chrome Web Store #4

New Issue

michael · 2026-01-19T18:31:52Z

michael commented

2026-01-19 18:31:52 +00:00

Originally created by @adan89lion on GitHub.

Description:
Kutt Extension has been automatically disabled (and locked) on my Edge browser on macOS on July 10th, 2022. Its page on Chrome Web Store has also been removed. (I've attached the screenshot of the alert on Edge browser).

Device info:

OS: macOS 12.4 (Build 21F79)
Browser: Microsoft Edge 103.0.1264.51 (Official build) (x86_64)

Originally created by @adan89lion on GitHub. Description: Kutt Extension has been automatically disabled (and locked) on my Edge browser on macOS on July 10th, 2022. Its page on Chrome Web Store has also been removed. (I've attached the screenshot of the alert on Edge browser). <img width="783" alt="Screen Shot 2022-07-10 at 12 46 42 PM" src="https://user-images.githubusercontent.com/6585644/178141766-64bbc3a2-845f-4f3b-9e28-21d5e11f87a8.png"> Device info: - OS: macOS 12.4 (Build 21F79) - Browser: Microsoft Edge 103.0.1264.51 (Official build) (x86_64)

michael closed this issue

2026-01-19 18:31:52 +00:00

michael commented

2026-01-19 18:31:53 +00:00

@abhijithvijayan commented on GitHub:

@poeti8 any ideas on what caused the rejection?

I will land a PR with all dependencies upgrade for the extension. Maybe that will help?

@abhijithvijayan commented on GitHub: @poeti8 any ideas on what caused the rejection? I will land a PR with all dependencies upgrade for the extension. Maybe that will help?

michael commented

2026-01-19 18:31:53 +00:00

@imakiro commented on GitHub:

No update on the rejection from stores, bugfix releases ?

@imakiro commented on GitHub: No update on the rejection from stores, bugfix releases ?

michael commented

2026-01-19 18:31:53 +00:00

@hammady commented on GitHub:

How is this report related to the kutt server itself? It seems to be a different repo. We need a prompt explanation in case the kutt server has serious security issues and must be taken down.

@hammady commented on GitHub: How is this report related to the kutt server itself? It seems to be a different repo. We need a prompt explanation in case the kutt server has serious security issues and must be taken down.

michael commented

2026-01-19 18:31:53 +00:00

@lukasgabriel commented on GitHub:

I also noticed this yesterday on Edge.

The extension was also removed from the Firefox Addon Store: https://addons.mozilla.org/firefox/addon/kutt/

Can anyone provide info about whether this is a false positive and the extension can safely be re-enabled, or is there actually malware present? Is there any reason to also be worried about the main repo? I've shut down my self-hosted Kutt instance, just to be safe, until there's a response from the developers.

@lukasgabriel commented on GitHub: I also noticed this yesterday on Edge. **The extension was also removed from the Firefox Addon Store: https://addons.mozilla.org/firefox/addon/kutt/** Can anyone provide info about whether this is a false positive and the extension can safely be re-enabled, or is there actually malware present? Is there any reason to also be worried about the main repo? I've shut down my self-hosted Kutt instance, just to be safe, until there's a response from the developers.

michael commented

2026-01-19 18:31:53 +00:00

@moquito64 commented on GitHub:

Edge, Chrome, and Firefox all seem to have flagged this as containing malware. Hope we get more information soon. I have disabled this until further notice.

@moquito64 commented on GitHub: Edge, Chrome, and Firefox all seem to have flagged this as containing malware. Hope we get more information soon. I have disabled this until further notice.

michael commented

2026-01-19 18:31:53 +00:00

@Tnology commented on GitHub:

Any update on this? I just got my selfhosted Kutt service up and running, and I'm super excited to use this (especially for custom domains like [my domain].com/apply alongside all of the other useful features).

@Tnology commented on GitHub: Any update on this? I just got my selfhosted Kutt service up and running, and I'm super excited to use this (especially for custom domains like [my domain].com/apply alongside all of the other useful features).

michael commented

2026-01-19 18:31:53 +00:00

@poeti8 commented on GitHub:

@abhijithvijayan any updates on this?

@poeti8 commented on GitHub: @abhijithvijayan any updates on this?

michael commented

2026-01-19 18:31:53 +00:00

@poeti8 commented on GitHub:

@abhijithvijayan This is the email I got from Firefox:

Details:

Extensions defining a content security policy that allows eval ('unsafe-eval') are generally not allowed for security and performance reasons. ‘eval’ is only necessary in rare cases. Please use a different method or explain why eval is required in your add-on.

manifest.json line 45

In addition the following is required to complete the review:

This version contains minified, concatenated or otherwise machine-generated code. Please provide the original sources, together with instructions on how to generate the final XPI. Source code must be provided as an archive and uploaded using the source code upload field, which can be done during submission or on the version page in the developer hub.

Please read through the instructions at https://extensionworkshop.com/documentation/publish/source-code-submission/ .

And for Chrome:

@poeti8 commented on GitHub: @abhijithvijayan This is the email I got from **Firefox**: > Details: > 1) Extensions defining a content security policy that allows eval ('unsafe-eval') are generally not allowed for security and performance reasons. ‘eval’ is only necessary in rare cases. Please use a different method or explain why eval is required in your add-on. > - manifest.json line 45 > > In addition the following is required to complete the review: > > 1) This version contains minified, concatenated or otherwise machine-generated code. Please provide the original sources, together with instructions on how to generate the final XPI. Source code must be provided as an archive and uploaded using the source code upload field, which can be done during submission or on the version page in the developer hub. > > Please read through the instructions at https://extensionworkshop.com/documentation/publish/source-code-submission/ . And for **Chrome**: <img width="590" alt="image" src="https://user-images.githubusercontent.com/23660003/188298417-743d3fd9-8ee5-457f-9d5b-a79451aae1fc.png">

michael commented

2026-01-19 18:31:53 +00:00

@abhijithvijayan commented on GitHub:

will migrate to v3 soon and we can go ahead with the release which would resolve this.

I will add the missing permission to the manifest as well so that this issue is rectified.

@abhijithvijayan commented on GitHub: will migrate to v3 soon and we can go ahead with the release which would resolve this. I will add the missing permission to the manifest as well so that this issue is rectified.

michael commented

2026-01-19 18:31:53 +00:00

@abhijithvijayan commented on GitHub:

this is blocked on the migration of the plugin i wrote to support webpack 5. https://github.com/abhijithvijayan/wext-manifest-webpack-plugin

Webpack has introduced major breaking changes and deprecated APIs relied on by the plugin. Once I manage to get it migrated, I will pick this issue up.

@abhijithvijayan commented on GitHub: this is blocked on the migration of the plugin i wrote to support webpack 5. https://github.com/abhijithvijayan/wext-manifest-webpack-plugin Webpack has introduced major breaking changes and deprecated APIs relied on by the plugin. Once I manage to get it migrated, I will pick this issue up.

michael commented

2026-01-19 18:31:53 +00:00

@poeti8 commented on GitHub:

You can use it if you have already installed it.
I'll check with the issue myself soon, seems like @abhijithvijayan doesn't have free time.

@poeti8 commented on GitHub: You can use it if you have already installed it. I'll check with the issue myself soon, seems like @abhijithvijayan doesn't have free time.

michael commented

2026-01-19 18:31:53 +00:00

@poeti8 commented on GitHub:

Can't we use something else for now? Or take another approach?

@poeti8 commented on GitHub: Can't we use something else for now? Or take another approach?

michael commented

2026-01-19 18:31:53 +00:00

@lukasgabriel commented on GitHub:

@poeti8 You can still use the plugin just fine.

@lukasgabriel commented on GitHub: @poeti8 You can still use the plugin just fine.

michael commented

2026-01-19 18:31:53 +00:00

@brianantonelli commented on GitHub:

No, you can't use it just fine. It's missing from the store.

@brianantonelli commented on GitHub: No, you can't use it just fine. It's missing from the store.

michael commented

2026-01-19 18:31:53 +00:00

@mtan93 commented on GitHub:

You can install manually by downloading the chrome.zip release, enable developer mode and drop the extracted folder into the chrome://extensions page.

@mtan93 commented on GitHub: You can install manually by downloading the chrome.zip release, enable developer mode and drop the extracted folder into the chrome://extensions page.

michael commented

2026-01-19 18:31:53 +00:00

@poeti8 commented on GitHub:

Kutt is now back on Chrome Web Store: https://chrome.google.com/webstore/detail/kutt/pklakpjfiegjacoppcodencchehlfnpd

Firefox review is still pending.

@poeti8 commented on GitHub: Kutt is now back on Chrome Web Store: https://chrome.google.com/webstore/detail/kutt/pklakpjfiegjacoppcodencchehlfnpd Firefox review is still pending.

michael commented

2026-01-19 18:31:53 +00:00

@poeti8 commented on GitHub:

@abhijithvijayan That's good news. I appreciate the work you have done so far, but can we completely remove the build the step? I wouldn't want it any other way. Just like the Kutt version 3, I wanted to get rid of all the build steps for the extension and use simple HTML/CSS and only htmx perhaps—without React or any other framework—to prevent similar issues from happening in future.

@poeti8 commented on GitHub: @abhijithvijayan That's good news. I appreciate the work you have done so far, but can we completely remove the build the step? I wouldn't want it any other way. Just like the Kutt version 3, I wanted to get rid of all the build steps for the extension and use simple HTML/CSS and only htmx perhaps—without React or any other framework—to prevent similar issues from happening in future.

michael commented

2026-01-19 18:31:53 +00:00

@poeti8 commented on GitHub:

Any updates on this yet?

For FireFox? I submitted many times but each time they respond with something weird that I don't know how to fix. I should try again soon.

@poeti8 commented on GitHub: >Any updates on this yet? For FireFox? I submitted many times but each time they respond with something weird that I don't know how to fix. I should try again soon.

michael commented

2026-01-19 18:31:53 +00:00

@abhijithvijayan commented on GitHub:

I am re-writing the underlying repo https://github.com/abhijithvijayan/web-extension-starter to work with v3 manifest extensions. Will migrate this repo to use the new build setup and get a version built. Once that is done, this extension can be published to stores once again. Sorry that it took me some time to get back to working on the project(i had gotten a fulltime job which didn't let me do anything really for couple of years, which is not the case anymore).

Progress branch: https://github.com/abhijithvijayan/web-extension-starter/tree/vite-rewrite
Updates posted on thread: https://github.com/abhijithvijayan/web-extension-starter/issues/66

cc: @poeti8

@abhijithvijayan commented on GitHub: I am re-writing the underlying repo https://github.com/abhijithvijayan/web-extension-starter to work with v3 manifest extensions. Will migrate this repo to use the new build setup and get a version built. Once that is done, this extension can be published to stores once again. Sorry that it took me some time to get back to working on the project(i had gotten a fulltime job which didn't let me do anything really for couple of years, which is not the case anymore). Progress branch: https://github.com/abhijithvijayan/web-extension-starter/tree/vite-rewrite Updates posted on thread: https://github.com/abhijithvijayan/web-extension-starter/issues/66 cc: @poeti8

michael commented

2026-01-19 18:31:53 +00:00

@Lancaban commented on GitHub:

Any updates on this yet?

@Lancaban commented on GitHub: Any updates on this yet?

michael commented

2026-01-19 18:31:53 +00:00

@abhijithvijayan commented on GitHub:

This was not exactly an issue with the libraries, it was because of chrome deprecating Manifest v2 way faster than other browsers leading to partial support. Now major browsers have manifest v3 support, so I have made every change to support this in https://github.com/thedevs-network/kutt-extension/pull/138.

@abhijithvijayan commented on GitHub: This was not exactly an issue with the libraries, it was because of chrome deprecating Manifest v2 way faster than other browsers leading to partial support. Now major browsers have manifest v3 support, so I have made every change to support this in https://github.com/thedevs-network/kutt-extension/pull/138.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: thedevs-network/kutt-extension#4