All about developments relating to the Google Chrome and Chromium web browsers, Chrome apps and extensions, ChromeOS, and Chromebooks. Post links, ask questions, find solutions, and discuss Chrome-related subjects. Some things to consider before posting or commenting:. Please follow and the. We have a zero tolerance policy toward spammers and trolls. If you're posting a request for help with Chrome, please use this tag at the beginning of your post title: help. If you're looking for help with a specific issue, please include your info from about:version (click the triple-bar button- 'About Google Chrome') and what OS you're using.
Jump to Remove adware from Chrome on Mac or Windows with ease - Users looking for Chrome adware removal guidelines should look no. This guide will help you identify if your Mac is infected and how to remove Weknow.ac from your Chrome and Safari. Or third-party apps created by websites that typically supply adware and potentially unwanted programs (PUPs). Steps to Remove Weknow.ac from Your Mac.
Also, such requests should only be done as self-posts. Please don't link to blogspam, meaning blogs or websites that are simply re-hosting articles/information ripped off from other sites. Post directly to the original article or source whenever possible. If you are unable to abide by this simple request, or if your only submissions are to the same sites over and over, or to your personal site(s), you will be banned. We welcome you to post links to any Chrome extensions that you have created, within reason. Posting the same links multiple times, or posting them as comments on posts that have nothing to do with your extension is considered spamming, and you will be banned for such actions. Please don't post image-only links; post screenshots inside a self-post, and please don't post memes or imagemacros.
Our AutoModerator removes bare links to images. Please use for comics, memes, and similar posts. Posting tip: check the for your submission after posting.
If it isn't there,. If you see a spammer, troll, or, please use the report option and/or.
If you think you found a bug, please report it at Other Google related subreddits Questions? Submission not showing up? Spot a spammer or a troll? And we will look into it ASAP. Protip: only reporting everything a spammer or troll posts without sending the mods a message isn't all that helpful.
If you are being redirected/affected, send a net internals log (chrome://net-internals) WHILE being redirected/affected to. See EDIT 5 for more info. Recently, sometimes when I open a new link, instead of opening the link, I'm sent to a website 'chrome-navigation-error.info'. I have no idea how this problem started, but I'm assuming it's from some kind of malware. However, I have a mac, and it doesn't look like there are any conclusive ways to remove malware from macs like there is for PCs (eg malwarebytes). Moreover, I don't know if this is a problem with the browser, or Mac itself. Does anyone know the best way to proceed with this?
Thanks very much. EDIT: Ok, so it seems that this problem is not limited to Macs, and is happening to people who don't even have extensions. I have Cox as my ISP, and people have mentioned this as a problem on Verizon and Comcast as well. Do we know if this is limited to Chrome? Has anyone seen any cases of this on other browsers?
I haven't made a topic on the Chrome product forums, but if someone wants to do that, feel free to PM me or leave a comment and I'll throw the link to the thread up here. EDIT 2: Link to thread on Google product forums: EDIT 3 (2/16/14 8:32 PM EST): Here's the issue report on the Chromium project website (thanks ): Make sure to star the thread to help get it attention. Also, pointed out an article on a Linksys router attack which may or may not be related: What routers does everyone have? EDIT 4 (2/17/14 12:26 AM EST): Yeah, this seems unrelated to the linksys router issue as a few people have pointed out. I have an ASUS router anyways.
EDIT 5 (2/17/14 5:12 PM EST): I've been contacted by someone on the Chrome team who would like information from anyone WHILE they're being affected/redirected by this issue: We're trying to determine if this is Chrome or something lower (DNS, etc). I'd like a net internals log (chrome://net-internals) from a user that's affected. Would you be able to update your post asking for a chrome://net-internals log from an affected user while getting redirected? Since the bug is locked, it's probably best if users just email the log:.
Just FYI everybody, there's been a response from a Google employee. It appears that they've concluded that this is purely a DNS poisoning issue and they're encouraging users to switch to Google DNS. Suggesting that it might not be a bad idea to keep investigating. It might be worth it for others to chime in on that thread as well.
EDIT (unrelated but possibly interesting): Remember how someone - I forget who - noticed that the original chrome-navigation-error page, the destination for the redirect, appeared to be attempting to load a Chrome extension? Well, Google is an amazing thing, and I finally figured out that that part of the source code (which you can see ) duplicates in the Chromium code. I guess that's because it's supposed to mimic the output of the error page. Which in turn suggests that maybe the extension part is innocuous - it's only there as a part of the page's disguise, so to speak. You can congratulate me now. That's pretty good sleuthing for a n00b, right? I can confirm this behavior on Windows 8.1.
Over the course of approximately one hour with my computer sitting completely idle I measured roughly half a GB of outgoing traffic. Did a full reinstall of windows this morning and haven't seen anything yet. I have not been able to detect any large flux of data on either OSX 10.9 or Fedora 18. If you do find this behavior, post what configuration (specifically OS) you are running so we can see if this behavior is as widespread/versatile as the redirect appears to be. With none of the AV suites working there aren't many options. Operating under the assumption that your computer is infected I think right now all you can do short of a full reinstall is sit tight. Under the assumption you are not infected it might be worth looking in to some sandboxed browsers.
You would still get hit with the bad redirects but at least any nefarious background code damage would be mitigated. You could also looking into setting up a virtual machine and operate under the premise that your machine is compromised, although there are certainly ways for things to spread between VMs as well. So, keeping in mind I am not a computer whiz and didn't have a baseline for network activities before being affected by chrome-navigation-error, here are some things I've noticed.
I'm running OSX 10.7.5 for reference. When I boot Chrome, large volumes of data immediately begin to be sent/received (on the order of a few KB/sec, but peaking at 1.4 MB/sec according to my activity monitor). By default, Chrome does not open any websites on bootup for me, so this is opening a 'blank' window.
When I boot Safari, only tens/hundreds of bytes/sec are sent/received, which seems much more normal to me than tens of KB/s or a few MB/s. Does anyone know data rates for Chrome booting up for people who are unaffected by CNI (chrome navigation error)?.
It has also been taking forever for web pages to load for me recently, no matter what network I'm on, nor what browser (Chrome or Safari), nor what processes are running in the background for me (ie Chrome on vs. Chrome shows the 'Resolving host' at the bottom of the browser for a long time, and pages load very slowly. Not sure if this issue is unrelated to CNI or not. I visited this domain today on a sandbox VM using newer Opera (the one that's basically a clone of Chrome) and it warned me that connection to remote debugging allowed for full control of the browser session and asked if I was sure I wanted to accept. To go along with what another user was saying it was asking to connect to remote browser debugging at 127.0.0.1:RANDOMPORTS. That actually makes a lot of sense with the Phantom sounds and pages, could someone be exploiting the remote debugging protocol on Chrome/Blink through that website and then using our devices for some sort of advertisement clicking scheme or DDoS? Couple of things I wanted to add, then I sort of have to try and get back to my real life, as much as possible.
Keep in mind that these are coming from someone with little to no technical comprehension of the issues involved. I went back through my Chrome history and found the Myspace video link that has been mentioned previously. It was accessed during a time when the computer was unattended and locked (at about 2 a.m., when no one had touched the machine for at least four hours previously). I also edited the hosts file as mentioned previously, to add a line as follows: 127.0.0.1 chrome-navigation-error.info. What happened after that was that every time I hit netstat, I saw a huge number of connections to that URL. I then edited the hosts file again to read: 0.0.0.0 chrome-navigation-error.info.
Since then, I haven't seen any more connections to that URL. However, I am still seeing tons and tons of connections from 127.0.0.1 (plus a huge range of port numbers), linked to many processes on my machine, all of which look like things that are supposed to be running (Google Drive Sync, my employer's Sophos update service, Firefox - I've been using only Firefox since this started). Take that for whatever it's worth - I don't know enough to know whether this is a bad sign or perfectly normal. Someone else probably checked into this already, but it was commented that the source code of the offending URL attempted to load a Chrome extension, but that it was one that didn't show up in the Chrome web store. I Googled the code associated with that extension and found several links indicating that it's connected with an internal piece of Chromium code called NCDLauncher. Someone more knowledgeable than me should.
Anyhow, that's what I've got. You should also look at the last couple of Twitter posts from, who has found the site trying to access Chrome's remote debugging console (I don't know what that means but it sounds ominous as hell). EDIT: I should add that I also haven't experienced any malware-like behavior on my computer so far, other than what I've described.
No phantom audio, no pop-ups, no funny browser quirks. But I also haven't run Chrome at all, except with my wifi radio disabled. EDIT #2: Let me emend that last thing I said. It definitely seems like webpages are loading much slower than I would have expected in Firefox. That's a subjective impression, but that's how it seems to me. So the remote attacker used a DNS exploit and/or browser extension exploit to hit a 0 day remote debug exploit on the browser, then forced the browser to a URL that downloaded some type of additional command and control software, and then using that is planning to perform a DDoS attack? If we can't figure out and protect ourselves from his initial attack vector, what's to say formatting/reimaging our devices is going to ensure it doesn't happen again?
He could easily bring up a chrome2-navigation-error.info website and do this all over again. I'm doing a realtime Netstat using TCPView from Microsoft and trying to find what processes he's attaching to. I wish this was getting more widespread attention. I don't see any news of this exploit on any security websites or blogs. Reddit users seem to be the only people paying attention this weekend.
I think it's really new - I imagine it's going to come to surface what's going on soon here. It feels like there's nothing we can do right now.ChromeOS and Linux LiveCD users have reported getting this. Can't get any more 'fresh os' than that. Also I dunno if it's a different software - it might just be making you load/click URLs with the built in tools for Chrome Remote Debugging.
I'm not familiar with what they are, but, I've done mobile testing with Chrome Debugging on Android and it allowed me to push URLs and control Chrome for Android within Chrome. It's not that far of a stretch to think someone could remotely control your browser using the same tool.
Adware is a beast. Mac's don't viruses very easily and while Adware technically isn't a virus, it still can be very annoying. Symptoms of adware can include random pop ups, ads on website that didn't have ads before, you may notice one day that your homepage has changed, etc. In this short tutorial video, David will show you how to identify malware on your Mac and remove it. NOTE: This video has since been updated and Adware Medic is NOW Malwarebytes for Mac.
Here's the link: David A. Cox is a professional technology teacher who specializes in all Apple/Mac products. PC Classes Online offers both LIVE and pre-recorded classes for FREE!!!
So if you want to learn how to better use your Mac, iPad, iPhone, PC, or other web technologies, you've found the right place! David specializes in working with baby boomers, teaching them how to better use technology. He's patient, steady, and has a great radio voice! Check out his small business 'The Mac Guru' PC Classes Online was featured on the ABC show 'Shark Tank.' The Sharks decided not to make an offer, but we're really glad they passed! Look for our new video tutorials every Wednesday and Saturday which is ALSO when we teach our LIVE classes.
For more information visit our website at For media or business inquiries please contact Ernie Polgardy at [email protected] Please do not send us private tech support requests.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |