Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user's Internet connection.
A MitM attack is when an application installed on a user's computer or a local network intercepts the user's web traffic.
For the party performing the MitM attack, the hardest part is dealing with encrypted HTTPS traffic. Most MitM toolkits fail to correctly rewrite the user's encrypted connections, causing SSL errors that Chrome will detect.
Chrome will show on error when it suspects MitM attacks
The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan, a sign that someone is trying — and failing — to intercept the user's web traffic.
This includes both malware and legitimate applications, such as antivirus and firewall applications. The new Chrome error won't show up for all antivirus and firewall software, but only for those that do not rewrite SSL connections in a proper way, resulting in SSL errors.
Sasha Perigo, a Standford student, developed this new security feature while working as a Google intern.
Feature available for testing in Chrome Canary
According to the Chromium Development Calendar, Google will release Chrome 63 on December 5, bar any unforeseen events.
In the meantime, users can preview it via the Google Chrome dev branch, also known as Google Canary.
This option is not available by default in Chrome Canary, and a small trick is needed to make it appear in current distributions. Just follow the steps below:
Step 1: Find your Google Chrome Canary icon/shortcut and double click on it.
Step 2: Select "Properties" from the drop-down menu.
Step 3: In the "Target" field, add the following text "--enable-features=MITMSoftwareInterstitial" and hit "Save."
Image credits: Sasha Perigo, Bleeping Computer
Comments
Occasional - 6 years ago
Great that browser publishers are touting security features (rather than features that just get users into more trouble, faster); but troubling if the screenshot is what users will have to guide them.
BC readers are generally on the north end of the Bell Curve of IT sophistication. Yet, how many here would see that warning screen (especially if they hadn't known about the new feature), and be confident in their response?
"An application is..." Which application, the one on the following line? Did I install that? Shouldn't I have? Is the problem with the installation or the application itself?
Then there are the "Try ..." bullets. Ok. If you say it's safe to do that. What do I do if that doesn't solve the problem?
Don't know what's worse: when a novice on their own is left to figure it out; or when an employee on corporate system makes an IT support type judgement call, in order to keep working.
To top it off, how long before there are counterfeit website pages or popup screens, with links to click, that will look just like the Chrome warning page? Except for the tell in the address bar, spoofing the rest is trivial.
buddy215 - 6 years ago
I hope Sasha is not one of those DREAMERS that the Repugnant pols want to deport or shoot.
rhasce - 6 years ago
Will they warm us about themselves?