Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Google Chrome vows to carpet bomb meddling Windows antivirus tools

Browser will block third-party software from mucking around with pages next year

By mid-2018 Google Chrome will no longer allow outside applications – cough, cough, antivirus packages – to run code within the browser on Windows.

This is according to a post today on the Chromium blog that laid out the July release of Chrome 68 for Windows as the target for new rules that will block all third-party apps from injecting scripts into browser sessions.

The idea, explained the Chocolate Factory, is to cut down on stability issues that arise when Chrome lets other apps execute code that can be buggy or incompatible with other software.

"Roughly two-thirds of Windows Chrome users have other applications on their machines that interact with Chrome, such as accessibility or antivirus software," said Chrome stability team member Chris Hamilton.

"In the past, this software needed to inject code in Chrome in order to function properly; unfortunately, users with software that injects code into Windows Chrome are 15 per cent more likely to experience crashes."

Man confused by laptop

Wondering why your internal .dev web app has stopped working?

READ MORE

In particular, the target here seems to be poorly coded AV tools can not only crash the browser or cause slowdowns, but also introduce security vulnerabilities of their own for hackers to exploit.

Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes.

For now, the policy will likely only be of concern to developers. Users won't notice the development until April 2018, when Chrome 66 will begin showing notifications after Chrome crashes due to injected code. These alerts will finger third-party programs for the cause of the breakdown.

With Chrome 68, the browser will block third-party code in all cases except when the blocking itself would cause a crash. In that case, Chrome will reload, allow the code to run, and then give the user a warning that the third-party software will need to be removed for Chrome to run properly. The warning will be removed and nearly all code injection will be disabled in January of 2019.

"While most software that injects code into Chrome will be affected by these changes, there are some exceptions," said Hamilton.

"Microsoft-signed code, accessibility software, and IME software will not be affected."

Google is advising developers to get out ahead of the changes by shifting to extensions or Native Messaging and testing their software for compatibility with Chrome Beta browser builds. Essentially, get rewriting your code, programmers. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like