CONFERENCE Cyber AI & Automation Summit - NOW LIVE
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome to Block Apps from Injecting into Its Processes

Google’s Chrome web browser will soon prevent third-party software from injecting code into its processes.

Google’s Chrome web browser will soon prevent third-party software from injecting code into its processes.

The search giant announced that the change is planned for Chrome 68 for Windows, which is currently on track to be released in July 2018. Before the switch, however, Chrome 66 will start warning users when other software is injecting code into one of its processes.

Around two thirds of Chrome users on Windows have other applications that interact with the browser, such as accessibility or antivirus software. While some of the software needed to inject code in Chrome to ensure proper functionality, this could lead to unexpected crashes.

“Users with software that injects code into Windows Chrome are 15% more likely to experience crashes,” Chris Hamilton of the Chrome Stability Team explains

Hamilton also points out that Chrome extensions and Native Messaging provide new, modern alternatives to running code inside of Chrome processes.

This is why Chrome 68 will start blocking third-party software from injecting code into Chrome on Windows. Before that, however, Chrome 66 will start displaying a warning after a crash, informing users on other software injecting code into the browser.

The browser will also guide users into how to update or remove the third-party software responsible for the crash.

In July 2018, Chrome 68 will start blocking code injections only if the blocking won’t prevent the browser from starting. If it will, Chrome will restart and allow the injection, while also warning the users on the matter and providing guidance into removing the troubling software.

Advertisement. Scroll to continue reading.

Starting in January 2019, when Chrome 72 is set to be released in the stable channel, the browser will always block code injection.

“While most software that injects code into Chrome will be affected by these changes, there are some exceptions. Microsoft-signed code, accessibility software, and IME software will not be affected,” Hamilton says.

Related: Chrome 62 Update Patches Serious Vulnerabilities

Related: Google to Remove Support for PKP in Chrome

Related: Google Patches High Risk Flaws in Chrome

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.