Chrome 63 notifies you of Man-in-the-Middle issues

Martin Brinkmann
Sep 11, 2017
Google Chrome
|
9

Google plans to launch a new security feature in the upcoming Chrome 63 browser that notifies users about Man-in-the-Middle (MITM) issues.

MITM is best known as a method to attack user systems by intercepting and manipulating traffic. Many security programs with firewall and browsing components do use similar functionality to inspect encrypted traffic.

The security feature that will launch in Chrome 63 displays a notification to users if (legitimate) security software causes issues on the system because of its interference with encrypted SSL traffic.

chrome man-in-the middle

Google Chrome displays a notification if it detects Man-in-the-Middle interference with connections to secure sites.

The notification reads:

  • An application is stopping Chrome from safely connecting to this site.
  • "Name of Software" wasn't installed properly on your computer or your network.
  • Try uninstalling or disabling "Name of Software"
  • Try connecting to another network

Chrome displays the name of the program that is responsible for the behavior, and suggests to uninstall or disable it. An update may help as well if one is available that resolves issues with the behavior, or to disable the functionality in the security program that taps into connections if such an option exists.

It is important to note that Chrome will distinguish between MITM issues caused by "legitimate" software installed on the system, and MITM attacks. Chrome displays the new notification for the former only, while it will show a SSL error page just like before for the latter.

Sasha Perigo, the project lead of the feature provides the following information on the workings of the feature:

For this error page we say a user has "misconfigured" software if they don't have the root required for the MITM program.

We check the error code the certificate validator threw, and check fields on the missing cert to see if it's MITM software.

This error page will only be shown to users who were already seeing SSL errors. If you're not seeing SSL errors right now, you're all good!

She confirms that there is a chance of false positives, and that a team monitors the functionality and will adjust it if the need arises.

Chrome 63's planned release date is December 5th, 2017. The feature is part of any version of Chrome that is already on version 63.  Only Chrome Canary is on version 63 right now, which means that the following works only in that particular version of Chrome and not in Dev or Beta channel builds right now.

Tip: load about:chrome to check the version of the web browser. If you see version 63, the feature is available.

The new feature needs to be enabled manually in Chrome Canary right now. You don't need to do this once it lands in stable, as it is then part of all versions of Chrome automatically.

You need to launch Chrome with the parameter --enable-features=MITMSoftwareInterstitial.

On Windows, you'd simply right-click on the Chrome icon on the taskbar, then again on Google Chrome Canary when the menu opens, and there on properties. A single right-click is sufficient if you right-click on the Chrome shortcut on the Desktop or in the Start Menu.

Append --enable-features=MITMSoftwareInterstitial to the end of the target field, and make sure there is a space between the previous value and the new parameter, e.g. "C:\Users\Martin\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --enable-features=MITMSoftwareInterstitial.

Summary
Chrome 63 notifies you of Man-in-the-Middle issues
Article Name
Chrome 63 notifies you of Man-in-the-Middle issues
Description
Google plans to launch a new security feature in the upcoming Chrome 63 browser that notifies users about Man-in-the-Middle (MITM) issues.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Curtis K said on September 14, 2017 at 3:41 am
    Reply

    All Chromium-based (including Chrome) browsers are useless – no option to disable JavaScript globally not just individually sites.

  2. Andrew Morris said on September 12, 2017 at 2:11 am
    Reply

    I wonder how this will act with corporate firewalls that are basically doing MitM attacks on their user’s connections to enforce content filter and protect against pesky viruses that come down SSL connections to end users?

  3. roger said on September 11, 2017 at 11:33 pm
    Reply

    So basically if you were already seeing SSL issues, you’ll be affected. How often does that happen?

    1. CHEF-KOCH said on September 12, 2017 at 12:04 am
      Reply

      This implementation isn’t really designed for MITM in the first place, the real reason is that some AV software in the past implemented their AV Firewall/SSL not the right way, then you often saw the error and most of the time the server owner/webmaster got blamed for this. In fact if it’s bad implemented such tunnels are weak and vulnerable against attacks and side-channel interception.

      So since Chrome 63 you can now add “–enable-features=MITMSoftwareInterstitial” param to see the name of what is intercepting the connection.
      https://chromium-review.googlesource.com/c/chromium/src/+/656507/4

      However, this isn’t a new error code it’s just an warning/hint as Sasha Perigo tells us (https://twitter.com/sashaperigo/status/906263091624591360), the developer of this new ‘feature’.

  4. CHEF-KOCH said on September 11, 2017 at 8:27 pm
    Reply

    I wonder how long it takes for Mozilla to steal … oh I mean ‘adapt’ this feature. :-D

    1. Flotsam said on September 13, 2017 at 2:13 pm
      Reply

      I seem to recall a couple of Firefox extensions that check for MitM attacks. They’ve been around for a while, I think.

  5. Anonymous said on September 11, 2017 at 11:19 am
    Reply

    The reason this is useful is that many antivirus actually mess with the secure connection and make it less secure when it finally leaves the computer. If I remember correctly an written by some security expert a few…months ago, maybe a year.

    Don’t take this at face value, double check what I’m saying if you’re interested or dismiss it otherwise, because it’s too vague.

  6. ilev said on September 11, 2017 at 7:30 am
    Reply

    Won’t the new feature in Chrome 63 regard Proxy or VPN connections as Man-in-the-Middle interference ?

    1. Martin Brinkmann said on September 11, 2017 at 7:59 am
      Reply

      I don’t think so generally speaking.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.