miki1980

Hey guys,
I hope I can be helpful. I had similar issues for few days now and I started to try and sort this out. I looked careful what I have installed as extinctions on my google chrome. When I checked, I saw that one of the extinctions was corrupted and needed to either be repaired or removed and reinstalled. It was an extinction that translates text into speech or text from other languages into English. When I removed it, this virus threat was not coming up again. Have a look at your extinctions and see if one of them is corrupted and needs to be repaired or reinstalled. 
 
Let us know if it has solved the problem like it did for me.

The first question that needs to be answered is what is this C:\Windows\SystemTemp directory is about? Checking my Win 10 22H2 installation, I also have the sub-directory and it appears to have been created on 6/4/2023. No Win Update of any type ran on that date or the prior date. The directory is totally locked down, not even read access is allowed. As such, I am surprised Eset could detect anything resident in that directory.
This Github article: https://github.com/golang/go/issues/56899 states C:\Windows\SystemTemp directory was created as a Windows security hardening feature for Win 11. Looks like Microsoft also added the directory to Win 10 but possibly not used there?
In any case, I can't see how a Chrome extension could be created C:\Windows\SystemTemp unless something changed its Win access permissions to do so, then reestablished the original permissions. In any case, Eset can't delete the malicious extension from C:\Windows\SystemTemp because it doesn't have the permissions to do so it appears. Hence, the constant Eset notification when the malicious Chrome extension attempts to load into Brave.

You removed the screen shot that originally was shown in your posting.
The screen shot showed that the JavaScript Eset is detecting originates from a C:\Windows\????Temp\ sub-directory. The process that accesses the script in this directory appears to be one that unzips extensions prior to loading\running it in the Brave browser. You need to identify what is creating this extension and stop it from doing so.

Assuming you have set up syncing from your Smart phone to the Brave browser, the malware Eset is detecting originates from your Smart phone. It is being transferred to your Brave browser whenever the sync processing runs.
You will have to remove the malware from the Smart phone. Until that is done, your only alternative is to disable syncing of your Smart phone to the Brave browser.
Ref.: https://support.brave.com/hc/en-us/articles/360021218111-How-do-I-set-up-Sync-