Google’s solution against hijacked Chrome settings is not sufficient

Advertisement

Google Chrome has fewer issues with automated third-party extension installations than Firefox for the simple reason that the browser does not support custom toolbars.

It is still possible that extensions get installed automatically, for instance after installing a security suite on your computer that adds extensions to web browsers for improved functionality.

Things that can happen as well are that programs hijack Chrome browser settings, for instance by changing the browser's home page.

Malicious programs come in disguise more often than not, for instance as a security update that is none, a video plugin that promises better video quality or less buffering, or a free screensaver that looks really cool.

One of the reactions of Google to those attack forms was to add a reset browser settings button to Google Chrome. You find it by opening chrome://settings/ in the browser, clicking on Show advanced settings, and scrolling all the way down to the bottom.

reset browser settings

A reset will change important browser settings to their default values, including the homepage, new tab page and search page. It will also disable all extensions, unpin all tabs, and clear data.

It is obvious that this is often not the best option when a third-party program changed only the homepage, or the search provider.

A new feature has been integrated into recent versions of the Chrome browser that moves the reset option to the front of the browser.

Once Chrome notices that settings have been altered by a program -- and not by the user -- it displays a reset notification right there.

reset-browser-settings

If you click reset, all browser settings mentioned above will be reset.  So, it is the same feature, but more prominently placed so that users who do not know about the reset feature can use it as well.

This may look good on paper, but it is not sufficient enough if you ask me.

First, if something modifies the browser's homepage, why offer to reset other settings as well? Plus, why reset to the default homepage and not to custom homepages that users may have set in the browser?

Second, resetting the settings may work, or, if malware is still running on the user system, may not work as the malware may revert the settings again, making this an endless game of change and reset until the user starts to investigate the matter and removes the malware on the system.

My suggestion would be to add configuration options to the browser that locks settings in place. When enabled, nothing can change the setting unless disabled first. This would resolve many of the issues that browser users face in regards to modified browser settings.

What's your take on this? Is a reset the right choice to deal with the issue?

Please share this article

facebooktwittergoogle_plusredditlinkedinmail

Advertisement

Responses to Google’s solution against hijacked Chrome settings is not sufficient

  1. ilev February 1, 2014 at 9:58 am #

    First Google has to clean its own house. Google Play, Google app store... for malware applications and extensions.
    Next, Google is to change extensions rules from June 2014.

    As for locking settings, it won't help as malware will unlock/disable them before making the changes.

  2. Nhick February 1, 2014 at 3:03 pm #

    It's always good to have different options not just the reset button but also for those mention above..

  3. Jim February 1, 2014 at 4:38 pm #

    I just wish there was a way to reset or change the settings without having to open Chrome first. Something like Internet Explorer has in the Control Panel. Deleting the profile folder will do it, but I'd rather avoid that if someone's really customized their settings.

  4. Anonymous February 1, 2014 at 4:59 pm #

    Just a couple of grammar notes:
    - "Sufficient" and "enough" mean the same thing, so "sufficient enough" is redundant.
    - "Google Chrome has less of issues" should be "Google Chrome has fewer issues". If you can count the item (here: issues) it's a number, requiring the use of "fewer"; if you can't (e.g., "oil"), then it's an amount, requiring the use of "less".

Leave a Reply