Google Chrome Will Soon Warn You of Software That Performs MitM Attacks

Share this…

Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user’s Internet connection.

A MitM attack is when an application installed on a user’s computer or a local network intercepts the user’s web traffic.

For the party performing the MitM attack, the hardest part is dealing with encrypted HTTPS traffic. Most MitM toolkits fail to correctly rewrite the user’s encrypted connections, causing SSL errors that Chrome will detect.

Chrome will show on error when it suspects MitM attacks

The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan, a sign that someone is trying — and failing — to intercept the user’s web traffic.

This includes both malware and legitimate applications, such as antivirus and firewall applications. The new Chrome error won’t show up for all antivirus and firewall software, but only for those that do not rewrite SSL connections in a proper way, resulting in SSL errors.

Sasha Perigo, a Standford student, developed this new security feature while working as a Google intern.

Feature available for testing in Chrome Canary

According to the Chromium Development Calendar, Google will release Chrome 63 on December 5, bar any unforeseen events.

In the meantime, users can preview it via the Google Chrome dev branch, also known as Google Canary.

This option is not available by default in Chrome Canary, and a small trick is needed to make it appear in current distributions. Just follow the steps below:

Step 1: Find your Google Chrome Canary icon/shortcut and double click on it.
Step 2: Select “Properties” from the drop-down menu.
Step 3:  In the “Target” field, add the following text “–enable-features=MITMSoftwareInterstitial” and hit “Save.”

Chrome Canary MitM flag setup