Screen fingerprinting protection is applied to extensions pages #26715

Closed
arthuredelstein opened this issue Nov 12, 2022 · 6 comments · Fixed by brave/brave-core#15931

@arthuredelstein

First reported here:
https://twitter.com/AaronToponce/status/1590038533963538432

I was able to confirm that the extension pop-up for Bitwarden is half size when screen fingerprinting protection is enabled. It appears this is because the browser is lying about the size of the screen to the popup page, which has a chrome-extension:// address. We should not apply this protection to such extension pages.

@arthuredelstein
Author

@pes10k Do you have an opinion on the best approach here? The two options are:

  1. Exempt extension pages entirely from fingerprinting protections (my PR's approach)
  2. Exempt extension pages from screen fingerprinting protections only (an alternative approach I could implement)

I think the decision depends mainly on Brave's threat model for extensions.

@pes10k
Contributor

pes10k commented Nov 14, 2022

Yep! I agree, option 1 seems A+ to me

@arthuredelstein
Author

Reopening while we uplift

@arthuredelstein
Author

arthuredelstein commented Nov 21, 2022

QA testing ideas

The fix for this bug modifies our fingerprinting protections so they aren't applied to extensions pages. To test, we can check that (A) known broken extensions are no longer broken, while (B) fingerprinting protection still applies to http(s) pages.

Part A

  1. Enable the flag brave://flags#brave-block-screen-fingerprinting

  2. Install the LINE extension: https://chrome.google.com/webstore/detail/line/ophjlpahpchlmihnnnihgmmeilfjmjjc?hl=en
    Once it is installed, confirm that clicking on the extension button opens a LINE login window.

(Without this fix, the Login window does not open.)

  3. Install the Bitwarden extension: https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb?hl=en
    Create a login account. Once logged in, confirm that clicking on the Bitwarden extension button opens a full-length popup.

(Without this fix, the popup appears but is much shorter.)

Part B

Confirm that screen fingerprinting is still working in http(s) pages by reproducing the tests done in #23170 (comment)

@LaurenWags
Member

Requires 1.45.131 or higher to test

@GeetaSarvadnya

GeetaSarvadnya commented Nov 22, 2022

Verification PASSED on

Brave | 1.45.131 Chromium: 107.0.5304.110 (Official Build) (64-bit)
-- | --
Revision | 2a558545ab7e6fb8177002bf44d4fc1717cb2998-refs/branch-heads/5304@{#1202}
OS | Windows 10 Version 21H2 (Build 19044.2251)

Reproduced the issue in 1.45.127

Reproduced the issue described in #26715 (comment) using 1.45.127

  1. Ensured BraveScreenFingerprintingBlockerStudy:Enabled on brave://version (Release channel has this at 50%, so may need a few attempts to get this enabled)
  2. Confirmed no login window shows on 1.45.x when clicking on the "Line" extension icon when BraveScreenFingerprintingBlockerStudy is enabled.
  3. Confirmed shortened display of Bitwarden popup when BraveScreenFingerprintingBlockerStudy is enabled.
Part A of test plan - PASSED

Verified the test plan from #26715 (comment) - Part A:

Using 1.45.131, verified both extensions listed in #26715 (comment) worked as described when BraveScreenFingerprintingBlockerStudy is enabled.

Part B of test plan - PASSED

Verified the test plan from #26715 (comment) - Part B:

Using 1.45.131, ran through the cases from #23170 (comment):

Case 1: 1st launch, no Griffin - PASSED

Steps:

  1. installed 1.45.131
  2. launched Brave
  3. opened brave://version
  4. confirmed no Griffin studies listed
  5. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
  6. clicked on Generate fingerprints
  7. confirmed the This Page, Local Frame, and Remote Frame values were the same for each of the following:
     • Screen resolution
     • Screen resolution media query
     • Available screen resolution
  8. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
  9. moved the mouse around and examined the tracked events

Confirmed there was no farbling of the screen/window coordinates shown in the screenshot

Case 2: 2nd launch, Griffin-enabled study with Shields enabled - PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
11. opened brave://version
12. confirmed in the case you get BraveScreenFingerprintingBlockerStudy:Enabled (note, study is enabled at 100% on Nightly/Beta but only 50% on Release, so when testing on 1.45.x please be aware you may need a few attempts to get this study enabled)
13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
14. clicked on Generate fingerprints
16. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
17. moved the mouse around and examined the tracked coordinates

Confirmed the values for This Page were different from Local Frame and Remote Frame (which were both the same); the only four (4) trackable events were the mouseEvent.client(X/Y) coordinates

Case 3: 2nd launch, Griffin-enabled study with Shields disabled - PASSED

  1. continued from Case 2
  2. disable Shields in the Shields panel
  3. reload the https://dev-pages.brave.software/fingerprinting/farbling.html
  4. clicked on Generate fingerprints
  5. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
  6. disable Shields in the Shields panel
  7. moved the mouse around and examined the tracked coordinates

Confirmed all values were the same; no farbling was applied

Case 4: relaunch, default/no study - PASSED

(Continued from 1st launch, no Griffin test, above)
10. restarted Brave
11. opened brave://version
12. confirmed in the case where BraveScreenFingerprintingBlockerStudy:Default (note, study is enabled at 100% on Nightly/Beta but only 50% on Release - this means I had to disable brave://flags#brave-block-screen-fingerprinting to test this on Nightly however when testing on Release 1.45.x please be aware you may need a few attempts to get this study as "Default".)
13. loaded https://dev-pages.brave.software/fingerprinting/farbling.html
14. clicked on Generate fingerprints
15. loaded https://arthuredelstein.github.io/tracking_demos/screen.html
16. moved the mouse around and examined the tracked coordinates

Confirmed there was no farbling of the screen/window coordinates shown in the screenshot
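
The comparison that Part B performs by eye (the same screen values read from several contexts and checked for agreement), as an added example that is not part of this issue thread or of Brave's code. The function names and all sample values are assumptions; in a browser you would pass `window` and a same-origin iframe's `contentWindow`, while a cross-origin frame would have to report its own values via `postMessage`.

```javascript
// Added example, not from the issue thread. Function names are hypothetical.

// Read the screen values the test plan compares from one window-like object.
function collectScreenMetrics(win) {
  const { width, height, availWidth, availHeight } = win.screen;
  // Does the CSS media query agree with the size reported by window.screen?
  const query = `(device-width: ${width}px) and (device-height: ${height}px)`;
  return {
    screenResolution: `${width}x${height}`,
    availableResolution: `${availWidth}x${availHeight}`,
    mediaQueryAgrees: win.matchMedia(query).matches,
  };
}

// Compare the metrics across named contexts; a metric is "consistent" when
// every context reports the same value.
function diffContexts(contexts) {
  const report = {};
  for (const [name, win] of Object.entries(contexts)) {
    for (const [metric, value] of Object.entries(collectScreenMetrics(win))) {
      report[metric] = report[metric] || { values: {}, consistent: true };
      report[metric].values[name] = value;
    }
  }
  for (const entry of Object.values(report)) {
    entry.consistent = new Set(Object.values(entry.values)).size === 1;
  }
  return report;
}

// Names of the metrics on which the contexts disagree.
function differingMetrics(contexts) {
  const report = diffContexts(contexts);
  return Object.keys(report).filter((m) => !report[m].consistent);
}

// Constructed stand-in for a window, so the example runs outside a browser.
function fakeWindow(w, h, availW, availH) {
  return {
    screen: { width: w, height: h, availWidth: availW, availHeight: availH },
    matchMedia: (q) => ({ matches: q === `(device-width: ${w}px) and (device-height: ${h}px)` }),
  };
}

// Constructed values: every context reports the same screen ...
const unprotected = { thisPage: fakeWindow(1920, 1080, 1920, 1040), localFrame: fakeWindow(1920, 1080, 1920, 1040) };
// ... versus the top-level page being given different values than the frame.
const mismatch = { thisPage: fakeWindow(1203, 805, 1203, 805), localFrame: fakeWindow(1920, 1080, 1920, 1040) };
console.log(differingMetrics(unprotected), differingMetrics(mismatch));
```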
