Blog: Chrome

When something really messes up Chrome, being logged into your Google account and having Chrome sync settings makes repairing things pretty painless. 

Recently, I couldn't get my LastPass Chrome extension to log into my LastPass account. Since I rely heavily on LastPass to handle various website credentials, I'm handicapped if I can't get it working in the browser extension.

I tried a number of things, including removing and reinstalling the Chrome extension. However, the only thing that solved the problem was to reset Chrome completely. Fortunately, I could restart the browser, log into Google and wait a few minutes for everything (default home pages, bookmarks, browser extensions, etc.) to sync. In this particular case, I had to add the LastPass extension again since the last sync must have been when I had it removed while trying to troubleshoot this problem. The reset fixed the problem and the sync brought me back to my standard Chrome configuration.


 

We had a customer report that all browser windows were closing for users and this was increasing in frequency. Most of the users reporting the issue were at the corporate office, which has about 150 users and is where the IT department is located. I performed a remote session with one of the users and confirmed the issue. Internet Explorer, Chrome, and Firefox all would close, not crash, at the same time.

My first thought was that some remote assistance and IT management software they had recently installed was causing the issues. We uninstalled the software and the issues continued. My next thought was that something malicious was on the network and was killing the processes remotely. I moved the PC to the guest wireless network and the issues stopped. After moving the PC back to the internal network, the issues began again. After a while, the issues randomly stopped for this user. I moved on to looking at another user's PC. The IT department did not know of any new devices that had been brought onto the network.

Whatever was causing the issues was obviously powerful enough to kill processes. The browsers seemed to be closing at regular intervals, at the top of the hour and half after the hour. I started Process Monitor, Process Explorer, and Wireshark, opened the browser, and waited. As expected, the issue occurred again. I started looking through the Wireshark logs and did not see anything odd. I looked at the Process Monitor log and found several cmd.exe processes killing the browser applications. At about the same time I saw the cmd.exe commands that killed the browser processes, I saw nxclient.exe processes that called cmd.exe and ran taskkill commands.

I started searching online and found a blog on the NxFilter support group discussing the same issue. This customer has had NxFilter for web filtering for several years. They were using version 5.0 of NxClient, which was before the version mentioned in the NxFilter support group. The NxFilter creator responded to that group and said that the client was doing so to force a refresh of the user's session, but that this is not the correct behavior. There was a new version of NxClient that fixed this behavior. Version 9.1.3 of NxClient was current, so I updated the customer to use the newer version. That resolved the issues.
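
The parent chain found by hand in the Process Monitor log above can be pulled out of a CSV export with a short script. This is an added example, not part of the original post; the rows are constructed sample data in the assumed layout of Process Monitor's CSV export, and the PIDs and command lines are invented for illustration.

```powershell
# Constructed sample rows (not the customer's data). Assumed layout: a
# "Process Create" row names the parent in "Process Name"/"PID", the child
# image in "Path", and the child PID and command line in "Detail".
$csv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:00.1000000 AM","nxclient.exe","2100","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 4312, Command line: cmd.exe /c taskkill /F /IM chrome.exe"
"10:00:00.1500000 AM","cmd.exe","4312","Process Create","C:\Windows\System32\taskkill.exe","SUCCESS","PID: 4320, Command line: taskkill /F /IM chrome.exe"
"10:00:00.2000000 AM","explorer.exe","1500","Process Create","C:\Windows\System32\notepad.exe","SUCCESS","PID: 4400, Command line: notepad.exe"
'@

# Index every created process by its own PID so parents can be looked up.
$children = @{}
foreach ($row in ($csv | ConvertFrom-Csv)) {
    if ($row.Operation -ne 'Process Create') { continue }
    if ($row.Detail -match '^PID: (\d+), Command line: (.*)$') {
        $children[$Matches[1]] = [pscustomobject]@{
            Image       = Split-Path -Leaf $row.Path
            ParentName  = $row.'Process Name'
            ParentPid   = $row.PID
            CommandLine = $Matches[2]
        }
    }
}

# For each taskkill.exe launch, walk up the parent chain as far as the log goes.
$hits = foreach ($childPid in @($children.Keys)) {
    $proc = $children[$childPid]
    if ($proc.Image -ne 'taskkill.exe') { continue }
    $chain = @("$($proc.Image) ($childPid)")
    $seen  = @{}                      # guards against loops caused by PID reuse
    $cur   = $proc
    while ($cur -and -not $seen.ContainsKey($cur.ParentPid)) {
        $seen[$cur.ParentPid] = $true
        $chain = @("$($cur.ParentName) ($($cur.ParentPid))") + $chain
        $cur   = $children[$cur.ParentPid]   # $null once the parent was not logged
    }
    [pscustomobject]@{ Command = $proc.CommandLine; Chain = $chain -join ' > ' }
}
$hits | Format-List
```

To use it on a real capture, replace the here-string with `Get-Content` on a CSV saved from Process Monitor; the first name in each chain is the process to investigate.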

 


 

There is a feature in Google Chrome that can make browsing secure internal web sites a little less painful and possibly more efficient. When you access a site with a self-signed, untrusted, or expired certificate, Chrome presents a certificate warning in the browser.

This is intended to protect you from going to a site that may have been compromised by some type of man-in-the-middle attack. However, when you browse to an internal management interface like a UPS or other appliance, you're likely going to receive this warning because IT administrators typically don’t install public certificates on these peripheral devices. Therefore, we know that this certificate is untrusted and would prefer not to see the warning every time because it will always be untrusted.
 
Enter chrome://flags. This includes the under-the-hood settings for Chrome – similar to about:config in Firefox.
 
The Flags area lets you configure a setting that bypasses the SSL warning on repeat visits for a set period of time. Setting this to 1 week is typical, but you can extend it to up to three months.


 
 


 

Upon installing an Adobe update on a PC, it installed Chrome as the new default browser.  After the installation finished, Chrome was uninstalled.  Sometime later, the user found they couldn't click on any URL links in Outlook messages without getting an error message.  The solution is to either remove certain registry entries left behind by Chrome or reinstall Chrome. In this case, Chrome was reinstalled and IE was left as the default browser and everything began to work.

 

Ran across this issue three different times; a user installs Adobe Reader update and Google Chrome gets installed. The user then uninstalls Chrome and when they try to access hyperlinks from any program, it fails. They would receive the error "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."  Going in and changing default browser settings did not fix the problem. It requires registry changes to fix the default browser.

Restore registry settings in the User Profile:

  1. Click Start, click Run, type Regedit in the Open box, and then click OK.
  2. Locate the following subkey:
    HKEY_CURRENT_USER\Software\Classes\.html
  3. On the File menu, click Export.
  4. In the Export Registry File dialog box, enter HKCU_Classes_HTML_Backup.reg and click Save.
    Note: This will create a backup of this registry key in the My Documents folder by default.
  5. Right click the (Default) value for the .html key and select Modify...
  6. Change the value from "ChromeHTML" to "htmlfile"  (or from FireFoxHTML to htmlfile)

Repeat steps 1-6 for the .htm, .shtml, .xhtm, and .xhtml keys.

I have read that you can change the default browser prior to uninstalling and this will not be a problem. However I have not tested this.
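
The six manual steps above, scripted for all five extensions, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later running as the affected user; the backup file names follow the post's HKCU_Classes_HTML_Backup.reg pattern, and keys whose (Default) value is anything other than the two stale IDs are left alone.

```powershell
$extensions = '.html', '.htm', '.shtml', '.xhtm', '.xhtml'   # keys named in the post
$staleIds   = 'ChromeHTML', 'FireFoxHTML'                     # values the post says to replace
$backupDir  = [Environment]::GetFolderPath('MyDocuments')

foreach ($ext in $extensions) {
    $psPath = "HKCU:\Software\Classes\$ext"
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Host "$ext : no per-user key, nothing to change"
        continue
    }

    # GetValue('') reads the key's (Default) value.
    $current = (Get-Item -LiteralPath $psPath).GetValue('')
    if ($current -notin $staleIds) {          # comparison is case-insensitive
        Write-Host "$ext : (Default) is '$current', left unchanged"
        continue
    }

    # Steps 3-4: export the key before touching it, and stop if the export fails.
    $name       = 'HKCU_Classes_{0}_Backup.reg' -f $ext.TrimStart('.').ToUpper()
    $backupFile = Join-Path $backupDir $name
    & reg.exe export "HKCU\Software\Classes\$ext" $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $ext failed; no change made" }

    # Steps 5-6: point (Default) back at htmlfile.
    Set-ItemProperty -LiteralPath $psPath -Name '(Default)' -Value 'htmlfile'
    Write-Host "$ext : '$current' -> 'htmlfile' (backup: $backupFile)"
}
```

Double-clicking a saved .reg file restores the original value for that extension.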


 

The Google Chrome OS is just the Chrome browser running on a thin OS.  So extensions are like applications installed on other operating systems.  They have much more power than Firefox plugins.  Extensions are not reviewed, just removed when people complain.  Many extensions have cross site scripting vulnerabilities, enabling one extension to read and write information in other tabs.  For example, an extension could inject JavaScript into the tab for your online banking and have it collect and send your credentials to the attacker.  It could even show you the old figures so that you don’t even know that all your money was transferred out of your account.

This information is from a session I attended at Black Hat called Hacking Google Chrome OS presented by Matt Johansen and Kyle Osborn of WhiteHat Security.


 

This is sort of a follow up to a post about the Firefox addon Certificate Patrol.  The addon Perspectives also helps watch out for certificate related problems.  When you go to a secure web site, Perspectives can (with a click or automatically) check with several “notaries” scattered around the world and tell you whether they are getting the same certificate from that site as you are.  Read http://perspectives-project.org/ for more details.  Here is a link to the Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/perspectives.  There is also an Alpha, very experimental Chrome addon https://chrome.google.com/webstore/detail/lnppfgdnjafeikakadfopejdpglpiahn.

This project is out of Carnegie Mellon University.  The notary server is open source, so anyone can run their own servers.  By default, the plugin uses several servers that seem to be run by the Massachusetts Institute of Technology.


 

This approach is certainly not for everyone, but here is what I have done to mitigate the problem with so many certificate authorities out there.  The Comodo breach of March 2011, for example, allowed some bad guys to use a registration authority to generate valid certificates for Google, Yahoo, Skype, etc.  There are companies that sell boxes with software that will generate valid certificates on the fly for every secure web site you visit in order to be able to observe your traffic.  With so many CAs, the risk of misuse has increased.  These comments mainly apply to Windows.

I think it was during May 2010, I edited the trust level on the root CA certificates in Firefox to only trust about 10 of them.  I think I have had to trust maybe two more since then.  I started with the list at http://netsekure.org/2010/05/results-after-30-days-of-almost-no-trusted-cas.  There are several links on this page that explain a lot about how Windows handles certificates.  This is one of the major reasons I use Firefox instead of IE.

To change the trust level of certificates in Firefox, go to Options, select the Encryption tab, and then the View Certificates button.  This brings up the Certificate Manager window.  The Authorities tab in the Certificate Manager window is where all the CAs are listed. Select each certificate and then select the Edit Trust button at the bottom.  This is where you can disable trusting each CA’s certificate.

I also run the Firefox Addon Certificate Patrol which saves every certificate and warns me if a certificate has changed.  The primary blogger with the Tor Project, phobos (I don’t know the real name), suggests being your own certificate authority in a manual sort of way and not trusting any external certificate authorities (https://blog.torproject.org/blog/life-without-ca). I decided not to go that far.

If you prefer another browser such as Google Chrome or Internet Explorer, the procedure will be different.  Chrome and IE use the Windows certificate store, so you will have to delete the certificates that you do not want to trust.  Opera has its own store, but operates like Windows, downloading additional root certificates behind your back.  You may be able to preload these and remove the trust, but I have not taken the time to look into this.  I know nothing about how Safari handles certificates.

As I mentioned at the beginning of the article, this approach is not for everyone.  However, for technical users with a little patience you can greatly reduce the likelihood you'll fall susceptible to a spoofed SSL certificate.


 

If you haven't looked at Google's browser Chrome, now is a great time. Google wants Chrome to be the fastest, most secure and stable browser available to get more users of Google sites and viewers of Google ads. Chrome is available for Windows, OS X, and Linux. After you install Chrome from http://google.com/chrome, the program will update automatically when a new version is available. The goal of the automatic update is not only to fix bugs as soon as possible, but to introduce new features quickly. Two new and useful features are searchable options and browser sync.

A major problem with any program is where to find the settings or options you want to change. The standard practice is to arrange most settings/options in groups that seem to be related. Unfortunately most programmers have a different idea about what 'related' features go together compared to normal users. Chrome has implemented a search box for settings and options that makes finding what you need amazingly fast and simple. For example if you want to check the options for managing stored passwords, just enter "password" in the Options search and you will see all the settings for passwords.

The search even tells you when the searched term is on a dialog.

After getting Chrome to work just the way you want, it's a major pain to remember all the extensions and preferences when you set up another computer. That's where Chrome's Sync function comes in handy. If you have a Google account, you can save any installed Apps, form auto-fill values, bookmarks, extensions, passwords, preferences, and themes on Google's servers. Then when you choose to sync another Chrome installation on another computer, the new browser will look and act just like the one you configured. The sync works across different operating systems as well. You can choose to only sync some data. For example you might not want to sync passwords across different browsers.

 


 

The Level Platforms Service Center website is probably not very standards-compliant.  We've known for some time that Firefox and Chrome browsers don’t render it properly, but I’ve recently seen more critical problems, such as the Site Management page showing a blank site-list in Chrome.  Some of the monitoring procedures require these pages, so using IE (or a Firefox add-on like IE Tab) may be the only way to see everything properly.