MBAE 1.12.1.124 has removed default Chrome shield.

[Spritesprint]

Hi.

MBAE updated itself to 1.12.1.124 yesterday.

I've noticed today the default chrome shield (and plug ins) has vanished. Gone. It isn't in the list nor is it showing up in the logs.

I really hope this is a mistake/oversight as many people will get the auto update and not even realise Chrome protection is not there anymore.

Is this intentional or just a mistake? Thanks.

P.S. if it is a mistake and it will be re-added, could you possibly add Vivaldi as a default shield too? Thanks :)

[Rsullinger]

Hello Spritesprint,

Unfortunately it is not a mistake. We removed protection for Chrome due to Google’s new policy against code injection into Chrome. Because of this policy, we would not be able to protect chrome in that same way going forward. 

This blog from them explains as to why they are doing this:

 

https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html

[Spritesprint]

Thanks for the quick reply @Rsullinger

Do you know if it's just Chrome or all Chromium based browsers? Because if it's just Chrome rather than Chromium I really will switch to Vivaldi full time now (if only it was a default shield! Sorry I'll stop that now.)

So yeah...Just Chrome or all Chromium browsers? Thanks

[Rsullinger]

Hey Spritesprint,

 

The google chrome shield was the only one we touched due to this issue. So any other browser we currently protect will not be affected unless the other chromium browsers get the same treatment.

I can see if we can see about Vivaldi. Ill send that feedback to the team to consider going forward.

 

[hake]

If Google Chrome can be made invulnerable then very good. However, previous experience shows that nothing is completely invulnerable and the loss of extra protection afforded by a variety of protections which obfuscate the vulnerability of such exposed software as Google Chrome will enable hackers to concentrate on single targets which will henceforth lack multiple layers of defence. I am having second thoughts about trusting Google Chrome now it is being weakened by Google's arrogant policy of locking out the expertise of the likes of MalwareBytes, Avast and other experts in the field of anti- malware defences.  Where will we be if a culture of complacency settles on the management of Google Chrome? Two or more heads are better than one.

Edited August 31, 2018 by hake

[hake]

"Google’s new policy against code injection into Chrome "

Can Google prevent code injection into Chrome?  More to the point, can Google assure its users that it will  prevent exploits within Chrome? We need MalwareBytes and the like to act as Devil's Advocates as they did until this regressive Google policy appeared.

How do we know that Google is not using or planning to use this device to conceal behaviour within Google Chrome that its users would not approve of if they knew?  Is it or will it become a transparency blocker?

By arrogating unto itself the job of protecting Chrome against malware and exploits, Google is reducing the randomness of the entity which hackers want to attack because they need only to evade detection by one antimalware software system. Anti-malware firms like MalwareBytes and Avast increase entropy within the workings of Chrome and so make it harder for the hackers to succesfully attack Chrome. Google is unwittingly seeking to make its browser less secure.

Edited September 1, 2018 by hake

[Tangerine]

Just wondering, will it be possible to add to the shield older versions of google chrome ( 49) ?

 

Cheers

[hake]

I am sticking with MBAE 1.12.1.109.

Edited September 14, 2018 by hake

[exile360]

I'm using SRware Iron (latest build) which is based on Chromium (just without Google's branding/ads/tracking etc.), and I added it as a custom browser shield in my Exploit Protection in Malwarebytes and so far everything has been fine.  I've been running it this way since the initial MB3 release where Chrome was removed and have had 0 problems so far.  I'm hoping that the other Chromium browsers like Iron, Vivaldi etc. continue to not adopt Google's policy regarding code injection as it is a necessity for proper protection from exploits, many of which these days target Chrome specifically given its prominence on mobile platforms and widespread popularity on PCs and Macs.