Google's solution against hijacked Chrome settings is not sufficient - gHacks Tech News

Google's solution against hijacked Chrome settings is not sufficient

Google Chrome has fewer issues with automated third-party extension installations than Firefox for the simple reason that the browser does not support custom toolbars.

It is still possible that extensions get installed automatically, for instance after installing a security suite on your computer that adds extensions to web browsers for improved functionality.

Things that can happen as well are that programs hijack Chrome browser settings, for instance by changing the browser's home page.

Malicious programs come in disguise more often than not, for instance as a security update that is none, a video plugin that promises better video quality or less buffering, or a free screensaver that looks really cool.

One of the reactions of Google to those attack forms was to add a reset browser settings button to Google Chrome. You find it by opening chrome://settings/ in the browser, clicking on Show advanced settings, and scrolling all the way down to the bottom.

reset browser settings

A reset will change important browser settings to their default values, including the homepage, new tab page and search page. It will also disable all extensions, unpin all tabs, and clear data.

It is obvious that this is often not the best option when a third-party program changed only the homepage, or the search provider.

A new feature has been integrated into recent versions of the Chrome browser that moves the reset option to the front of the browser.

Once Chrome notices that settings have been altered by a program -- and not by the user -- it displays a reset notification right there.

reset-browser-settings

If you click reset, all browser settings mentioned above will be reset.  So, it is the same feature, but more prominently placed so that users who do not know about the reset feature can use it as well.

This may look good on paper, but it is not sufficient enough if you ask me.

First, if something modifies the browser's homepage, why offer to reset other settings as well? Plus, why reset to the default homepage and not to custom homepages that users may have set in the browser?

Second, resetting the settings may work, or, if malware is still running on the user system, may not work as the malware may revert the settings again, making this an endless game of change and reset until the user starts to investigate the matter and removes the malware on the system.

My suggestion would be to add configuration options to the browser that locks settings in place. When enabled, nothing can change the setting unless disabled first. This would resolve many of the issues that browser users face in regards to modified browser settings.

What's your take on this? Is a reset the right choice to deal with the issue?

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. ilev said on February 1, 2014 at 9:58 am
    Reply

    First Google has to clean its own house. Google Play, Google app store… for malware applications and extensions.
    Next, Google is to change extensions rules from June 2014.

    As for locking settings, it won’t help as malware will unlock/disable them before making the changes.

  2. Nhick said on February 1, 2014 at 3:03 pm
    Reply

    It’s always good to have different options not just the reset button but also for those mention above..

  3. Jim said on February 1, 2014 at 4:38 pm
    Reply

    I just wish there was a way to reset or change the settings without having to open Chrome first. Something like Internet Explorer has in the Control Panel. Deleting the profile folder will do it, but I’d rather avoid that if someone’s really customized their settings.

  4. Anonymous said on February 1, 2014 at 4:59 pm
    Reply

    Just a couple of grammar notes:
    – “Sufficient” and “enough” mean the same thing, so “sufficient enough” is redundant.
    – “Google Chrome has less of issues” should be “Google Chrome has fewer issues”. If you can count the item (here: issues) it’s a number, requiring the use of “fewer”; if you can’t (e.g., “oil”), then it’s an amount, requiring the use of “less”.

    1. Martin Brinkmann said on February 1, 2014 at 5:29 pm
      Reply

      Thanks, corrected.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.