Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Adds Warning For Extensions That Take Over Your Proxy Settings (bleepingcomputer.com)

Posted by BeauHD on from the heads-up dept.

An anonymous reader writes: "Google engineers have added two new features to the Chrome browser that will alert users of extensions that hijack proxy settings or the new tab page," reports Bleeping Computer. Google has been testing these two techniques sparingly with a small subset of users for more than a year, but they have now landed in Google Canary. The techniques are used by malicious Chrome extensions to hijack traffic and insert ads, or to redirect search traffic to affiliate search engine programs. The addition of these popup alerts are part of Google's plan to fight malicious Chrome extensions that have been starting to plague the Web Store.

8 of 36 comments (clear)

  1. Hey Google, don't let extensions do this. by Anonymous Coward · · Score: 2, Insightful

    That would solve the problem, no? There really is no valid reason why this should be allowed ever. WTF.

    1. Re: Hey Google, don't let extensions do this. by KGIII · · Score: 2

      Umm... They do have VPN extensions that change your proxy settings and custom new tab extensions. Those kinda presuppose the ability to do both of those things. That's probably, you know, why they allow it.

      --
      "So long and thanks for all the fish."
  2. Why? by Frosty+Piss · · Score: 4, Insightful

    Chrome Adds Warning For Extensions That Take Over Your Proxy Settings...

    Why does Chrome allow extensions that can hijack proxy settings?

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Why? by Sigma+7 · · Score: 3

      Why does Chrome allow extensions that can hijack proxy settings?

      The use case is an extension that changes proxy settings. For example, if you need/want to visit a specific website for a proxy server (such as 127.0.0.1:8080, to cache/save websites as you browse them), you can enable or disable it at a click of a button.

      Of course, a better question asks why extensions have better access to the browser settings than the user. Editing proxy settings manually has to be done on the OS level, while extensions can tell Chrome to use a given proxy through an API.

    2. Re:Why? by nicolaiplum · · Score: 2

      Instead ask why people have a need for such features?

      That is because Chrome does not allow any sort of complex proxy settings. That's why I use Firefox, because it makes it easy to customise proxy settings without needing an extension. This is commonly needed in corporate environments where network access is not straightforward.

      Chrome could reduce the problem by adding better controls itself - instead Google have left this for "the market to provide" extensions, and that is where the mess comes from today.

      They do this in other places, such as the lack of any builtin Bluetooth file transfer or other features in Android (when my Nokia phone had built-in Bluetooth file transfer 15 years ago). They made this problem much worse than it has to be.

      --
      "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
  3. Nanny Google. by msauve · · Score: 2

    " will alert users of extensions that hijack proxy settings"

    Next up, the user won't have a choice, like their removing legacy but perfectly functional encryption methods, or lying to users that "your network may be monitored" if you install a private CA on Android. For being a business based on the net, Google is pretty clueless about how it actually works (try doing plaintext email with their Android MUA).

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  4. Re:Hijack proxy settings ? by msauve · · Score: 2

    "Hijack" is a biased and erroneous pejorative. There are legitimate reasons for an extension to control the proxy.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  5. Re:Meanwhile, on Android by KozmoStevnNaut · · Score: 2

    Yes. Yes, it is.

    The mainstream web as of 2017 is borderline useless without an adblocker at the very least, and preferably an extension to stop autoplaying media content as well.

    --
    Eat the rich.