Google chrome’s new security feature detects MitM attacks


MitM attack

Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user’s Internet connection.

A MitM attack is when an application installed on a user’s computer or a local network intercepts the user’s web traffic.

For the party performing the MitM attack, the hardest part is dealing with encrypted HTTPS traffic. Most MitM toolkits fail to correctly rewrite the user’s encrypted connections, causing SSL errors that Chrome will detect.

new Chrome 63 feature

The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan. A sign that someone trying and failing to intercept the user’s web traffic.

Toast Overlay attack, a warning for users of older versions of Android

This includes both malware and legitimate applications, such as antivirus and firewall applications. The new Chrome error won’t show up for all antivirus and firewall software, but only for those that do not rewrite SSL connections in a proper way, resulting in SSL errors.

According to the Chromium Development Calendar, Google will release Chrome 63 on December 5, bar any unforeseen events. In the meantime, users can preview it via the Google Chrome dev branch, also known as Google Canary.

This option is not available by default in Chrome Canary, and a small trick is needed to make it appear in current distributions.