Chrome Connecting To Random Domains On Start? Here Is Why! - gHacks Tech News

Chrome Connecting To Random Domains On Start? Here Is Why!

If you are monitoring your network traffic closely you may have noticed that the Google Chrome web browser and its Open Source counterpart Chromium are both trying to connect to three random ten letter words on start up. For most users, it is not clear why the browser is making those connections, and some have even assumed that they were either made to send information privately to Google, for tracking purposes, or even caused by malware running on the system.

Mike West analyzed the part of the browser's source code that was responsible for making the connections. He discovered that Chrome and Chromium are making those connections to help the browser's Omnibox figure out user intents correctly.

The issue that Google aims to fix with these connections is easily explained. Some Internet Service Providers have started to intercept requests that do not resolve properly. If you enter ghacks for instance in the address bar and tap on the return key afterwards, Chrome needs to figure out if you want to search for the term ghacks, or if you want to visit the site http://ghacks/. Since it cannot do that, it displays an infobar if the word would resolve to an existing domain name giving the user the chance to open the domain with another click.

When ISPs intercept the lookups to display their own error pages, usually filled with advertisement and search options, then it appears to the browser as if the word would resolve just fine. This in turn would mean that users would see the infobox in the browser even for words that do not resolve.

To prevent this, Google is making these three initial lookups on start up to see if ISPs intercept requests that cannot be resolved. It compares the IP addresses of the pages that are returned, and turns the infobox off if they are identical (as this suggests an ISP is intercepting the look ups).

How can you find out if Chrome or Chromium are making those requests? You can use programs that monitor traffic on the system. One example would be the free tool Fiddler which can show you the connections the browser makes.

google chrome random requests

The three random connections are highlighted in the screenshot above.

The three connections are nothing that users need to worry about. Thanks Mike for finding that out for us.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Jyo said on February 19, 2012 at 1:36 am
    Reply

    This is a very interesting read, the way they approach and solve the omnibox issue. And thanks for sharing Fiddler with us too.

  2. vasa1 said on February 19, 2012 at 4:26 am
    Reply

    Nice! I used to wonder about those entries but never got around to figuring out what they were. Incidentally, I use Privoxy to log and control http:// connections. One advantage of Privoxy is that it’s cross-platform.

  3. Watt said on February 20, 2012 at 6:17 pm
    Reply

    Thanks for the information, it’s very curious !

  4. TheOldFellow said on February 21, 2012 at 1:43 pm
    Reply

    Interesting, well done Google.
    Now what would someone without Windows do to discover things since Fiddler is a Windows program?

    1. Sum Yung Gai said on February 21, 2012 at 5:24 pm
      Reply

      Wireshark, which is cross-platform, would also get us that information.

  5. PrataOuro.com said on February 23, 2012 at 3:25 pm
    Reply

    Very interesting the Fiddler, thanks.

  6. Edu said on May 14, 2012 at 8:30 pm
    Reply

    Buit it does more than that… in my case, it connects to ve-in-f95.1e100.net and gru03s05-in-f16.1e100.net that are both google.

    It seems to be an https connection (the data is not readable). And it seems to keep running for a while. Anybody knws what it is?

  7. Febrika Setiyawan said on February 25, 2014 at 5:03 pm
    Reply

    Nice info =) I also experience that.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.