Vivaldi autolaunching pishing sites - bug report

RichardHC

Vivaldi has been auto-launching pishing websites when it starts and periodically while it is running.
Malwarebytes blocks these but has no answer as to why it's happening or how to stop it. It does not happen with Microsoft Edge on the same computer and Malwarebytes scans don't detect any malware infecting the computer. It only happens with Vivaldi and it does not matter which (if any) tabs are open when Vivaldi starts. This has been going on for several months and different websites are attempting to launch. I tried turning off all extensions (I don't have many) but that made no difference.
I love having different workspaces (I have 9) with dormant tabs in them and can't see how a dormant tab could be launching the pishing websites the instant Vivaldi opens. This is a bug report.
-Blocked Website Details-
Malicious Website: 1
, C:\Users\Feddie\AppData\Local\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, 6DDB2C7EF720A9F4712EA0BEBFA5117A, 7A84615F2EB088FE763A9133486AAF3D3CF28DA52CAF71AE4AAA787FD5E7645E
-Website Data-
Category: Phishing
Domain: semasu.net
IP Address: 178.63.248.48
Port: 443
Type: Outbound
File: C:\Users\Feddie\AppData\Local\Vivaldi\Application\vivaldi.exe

OrbitalMartian

Do you have any sites set to open when you open Vivaldi? (I can’t remember the name in settings).

DoctorG

@RichardHC Could be that some tabs which are loaded after start with last session connect to such site or a service-worker acts in background and connects to such domain.

service-worker: check internal page vivaldi:serviceworker-internals and delete all.

RichardHC

@DoctorG
Amazing. I entered vivaldi:serviceworker-internals into the address bar and it came up with 220 serviceworkers and 20 of these had
Navigation preload enabled: true. At the end of each one of these workers is log field (empty) and two buttons Unregister and Start. I deregistered all with autostart true! Hopefully that will do it.
Here's an example of one of them.

Scope: https://chat.google.com/
Storage key:
Origin: https://chat.google.com
Top level site: https://google.com
Ancestor chain bit: SameSite
Registration ID: 289
Navigation preload enabled: true
Navigation preload header length: 4
Active worker:
Installation Status: ACTIVATED
Running Status: STOPPED
Fetch handler existence: EXISTS
Fetch handler type: NOT_SKIPPABLE
Script: https://chat.google.com/serviceworker.js?xhrRoot=%2Fu%2F0%2F_%2FDynamiteWebUi&mssRowKey=boq-dynamite.DynamiteWebUi.en.Ovt0koDjpT0.2020.O&buildLabel=boq_dynamiteuiserver_20231130.05_p1
Version ID: 1967
Renderer process ID: 0
Renderer thread ID: -1
DevTools agent route ID: -2
Log:

TbGbe

@RichardHC said in Vivaldi autolaunching pishing sites - bug report:

You suggest delete all but .... how do I do that?

Use the "Unregister" button.
Unfortunately, it has to be done one-by-one

Pathduck

@RichardHC said in Vivaldi autolaunching pishing sites - bug report:

I entered vivaldi:serviceworker-internals into the address bar and it came up with 220 serviceworkers and 20 of these had
Navigation preload enabled: true.

Do you know what preload enabled: true means?
Because then you know more about service workers than most regular here I think
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Service-Worker-Navigation-Preload

Anyway, it's very unlikely that a Service Worker can open tabs or "sites" on browser start.
Most likely, the registered SW tries to make a network connection to these shady/phishing sites to retrieve data for push notifications you have allowed them to send, and MWB blocks these connections.

So, how to easily unregister 200+ service workers?

First part: you need to make sure the site(s) can't actually send you notification spam. You've most likely clicked "Allow" when a site asked you for permission to do so, shady site or not.

• Go to Settings > Privacy & Security
• Under Website Permissions, select any sites you don't approve of and remove them by clicking the - button or the Del key.
• Then click the Global Permissions, and select the Notifications dropdown.
• Set it to Blocked like this:

Second part: Remove the mass amount of workers without having to click Unregister 200+ times.

• Go to Help > About
• Find the value for Profile Path and copy it into a notepad document
• Close the browseer
• Navigate to the Profile Path in the File Explorer
• Find the folder named Service Worker
• Delete the folder named Service Worker
• Start the browser

From now on sites won't be able to even ask you for permissions to show notifications. It's for the better. And in the future, be careful mindlessly clicking "Allow" when some site asks you ok?

Catweazle

@RichardHC, I use this extension, with it you can delete all data from a site with an click.