Security Experts:

Chrome to Block Apps from Injecting into Its Processes

Google’s Chrome web browser will soon prevent third-party software from injecting code into its processes.

The search giant announced that the change is planned for Chrome 68 for Windows, which is currently on track to be released in July 2018. Before the switch, however, Chrome 66 will start warning users when other software is injecting code into one of its processes.

Around two thirds of Chrome users on Windows have other applications that interact with the browser, such as accessibility or antivirus software. While some of the software needed to inject code in Chrome to ensure proper functionality, this could lead to unexpected crashes.

“Users with software that injects code into Windows Chrome are 15% more likely to experience crashes,” Chris Hamilton of the Chrome Stability Team explains

Hamilton also points out that Chrome extensions and Native Messaging provide new, modern alternatives to running code inside of Chrome processes.

This is why Chrome 68 will start blocking third-party software from injecting code into Chrome on Windows. Before that, however, Chrome 66 will start displaying a warning after a crash, informing users on other software injecting code into the browser.

The browser will also guide users into how to update or remove the third-party software responsible for the crash.

In July 2018, Chrome 68 will start blocking code injections only if the blocking won’t prevent the browser from starting. If it will, Chrome will restart and allow the injection, while also warning the users on the matter and providing guidance into removing the troubling software.

Starting in January 2019, when Chrome 72 is set to be released in the stable channel, the browser will always block code injection.

“While most software that injects code into Chrome will be affected by these changes, there are some exceptions. Microsoft-signed code, accessibility software, and IME software will not be affected,” Hamilton says.

Related: Chrome 62 Update Patches Serious Vulnerabilities

Related: Google to Remove Support for PKP in Chrome

Related: Google Patches High Risk Flaws in Chrome

view counter