Chrome Adds Warning For Extensions That Take Over Your Proxy Settings

An anonymous reader writes: "Google engineers have added two new features to the Chrome browser that will alert users of extensions that hijack proxy settings or the new tab page," reports Bleeping Computer. Google has been testing these two techniques sparingly with a small subset of users for more than a year, but they have now landed in Google Canary. The techniques are used by malicious Chrome extensions to hijack traffic and insert ads, or to redirect search traffic to affiliate search engine programs. The addition of these popup alerts are part of Google's plan to fight malicious Chrome extensions that have been starting to plague the Web Store.

Hey Google, don't let extensions do this.

[Anonymous Coward]

That would solve the problem, no? There really is no valid reason why this should be allowed ever. WTF.

Re: Hey Google, don't let extensions do this.

[KGIII]

Umm... They do have VPN extensions that change your proxy settings and custom new tab extensions. Those kinda presuppose the ability to do both of those things. That's probably, you know, why they allow it.

Re:

[KGIII]

Need? Nobody "needs" it. Want? It'd appear lots of people want it. If the user wants to add it, I'm pretty sure that makes it not bloatware. Bloatware is from the vendor. The user adding stuff isn't really bloatware, at least in my thinking.

You're gonna argue for fewer choices... I'm not sure we can have a productive conversation.

Re:

[Cajun Hell]

I'd take that as a reason to not allow it. It doesn't many any sense to have a VPN extension in a web browser.

If they think OS UIs suck too much for people to add VPNs at the correct level, then making it stop working in the browser is a good way to unleash pressure and incentive for the OS' defects to finally get addressed.

Re:

[KGIII]

VPNs at the browser level can make sense. Maybe you only want to mask your browser traffic? Maybe you use more than one browser and want one masked? I can probably come up with a bunch of other good reasons.

Why?

[Frosty Piss]

Chrome Adds Warning For Extensions That Take Over Your Proxy Settings...

Why does Chrome allow extensions that can hijack proxy settings?

Re:Why?

[Sigma 7]

Why does Chrome allow extensions that can hijack proxy settings?

The use case is an extension that changes proxy settings. For example, if you need/want to visit a specific website for a proxy server (such as 127.0.0.1:8080, to cache/save websites as you browse them), you can enable or disable it at a click of a button.

Of course, a better question asks why extensions have better access to the browser settings than the user. Editing proxy settings manually has to be done on the OS level, while extensions can tell Chrome to use a given proxy through an API.

Re:

[TuballoyThunder]

Considering that Google makes around $90 billion/year, 0.000000000000000001% will be less than $1/month. I don't think you will get much vetting for less than $1/month.

Re: Why?

[Anonymous Coward]

I use FoxyProxy, which changes the proxy setting depending on the site I'm visiting. That way I can access work sites through the VPN, while any other site I visit my work doesn't need to know about.

Re:

[AHuxley]

To better detect competing ad services trying work arounds.
Alert the user and the proxy will only pass the approved ads.

Re:

[nicolaiplum]

Instead ask why people have a need for such features?

That is because Chrome does not allow any sort of complex proxy settings. That's why I use Firefox, because it makes it easy to customise proxy settings without needing an extension. This is commonly needed in corporate environments where network access is not straightforward.

Chrome could reduce the problem by adding better controls itself - instead Google have left this for "the market to provide" extensions, and that is where the mess comes from today.

T

Re:

[tlhIngan]

Why does Chrome allow extensions that can hijack proxy settings?

Presumably, to allow VPN apps to exist for Chrome. Sure you can get traditional VPN apps that use your system VPN clients, but often those may require elevated priviledges. Client VPNs often use the browser to host the VPN session and route all traffic through it for the browser. Not as useful (because they only route traffic for the browser) but are quick and simple to use and require no system reconfiguration.

Re:

[thegarbz]

Why does Chrome allow extensions that can hijack proxy settings?

Every browser allows plugins that can change proxy settings. This is kind of fundamental to changing networks automatically e.g. joining a VPN. A proxy is a network setting that is often set dynamically.

Re:

[gravewax]

VPN, debuggers and web traffic analysers (e.g. fiddler), I am sure their are many other valid uses for it too.

Re:

[mjwx]

Chrome Adds Warning For Extensions That Take Over Your Proxy Settings...

Why does Chrome allow extensions that can hijack proxy settings?

Because sometimes, thats what we want an extention to do. Getting around government restrictions forced on us by Hollywood is just one of the many reasons.

What we don't want are extensions that surreptitiously change proxy settings to inject ads or malware.

Nanny Google.

[msauve]

" will alert users of extensions that hijack proxy settings"

Next up, the user won't have a choice, like their removing legacy but perfectly functional encryption methods, or lying to users that "your network may be monitored" if you install a private CA on Android. For being a business based on the net, Google is pretty clueless about how it actually works (try doing plaintext email with their Android MUA).

Re:

[Anonymous Coward]

extensions that hijack proxy settings, insert links into the newtab page, or alter search engine settings, affect google's bottom line by steering unsuspecting users away from its own properties.

there's no "nanny" here, just accountants and executives, trying to protect google's profits and market share.

captcha: alphabet

Hijack proxy settings ?

[ddtmm]

I have an idea... why don't they just build a browser that doesn't let extensions hijack the browser's proxy settings?

Re:

[msauve]

"Hijack" is a biased and erroneous pejorative. There are legitimate reasons for an extension to control the proxy.

Meanwhile, on Android

[Actually, I do RTFA]

It's frustrating how Google refuses to allow extensions to Chrome on Android. Which is too bad, because extensions are kinda a required feature to navigate the web these days.

Re:

[JaredOfEuropa]

If that's the case, then the web is seriously broken.

Re:

[KozmoStevnNaut]

Yes. Yes, it is.

The mainstream web as of 2017 is borderline useless without an adblocker at the very least, and preferably an extension to stop autoplaying media content as well.

Re:

[Cajun Hell]

No, it just means that Chrome-for-Android is broken. (And it is. Chrome is basically unusable on Android, however much you may like it on your desktop.) It's a big part of the reason that Firefox(!!?!) happens to be best browser (that I've seen so far) on Android.

Re:

[Actually, I do RTFA]

It isn't? You browse with Javascript on? Or without an adblocker? Or accepting hotlinks to any 3rd party site?