Chromium Browser Hijacker

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read how to get help
Post Reply
ron_o
Level 1
Level 1
Posts: 17
Joined: Wed Aug 25, 2010 7:05 pm

Chromium Browser Hijacker

Post by ron_o » Sun Aug 16, 2015 10:50 am

I was surprised to find on my Linuxmint 17.1 (Rebecca) that I had a browser hijacker in Chromium. It was obvious that I had it because nearly every link I touched opened a new tab to an ad. The only way to get rid of it, me thinks, is to reset Chromium to its original settings.

Ron.

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4204
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Chromium Browser Hijacker

Post by Fred Barclay » Sun Aug 16, 2015 1:14 pm

I'm not sure that this was a "hijack", per se, but definitely a bit strange. Of course, it could have been. It's hard to tell without knowing details. ;)
Alas, it seems the "fashionable" attack these days is not on the OS but on the browser. :(

Keeping in mind that this may very well have been an attack, do you sandbox your browser? xenopeek has recently written about a useful sandbox called "firejail", take a look! http://forums.linuxmint.com/viewtopic.php?f=47&t=202257
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

User avatar
Pjotr
Level 21
Level 21
Posts: 12619
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Chromium Browser Hijacker

Post by Pjotr » Sun Aug 16, 2015 2:35 pm

Which third-party extensions have you installed in Chromium?

@Fred Barclay: isn't Chromium sandboxed by default?
Tip: 10 things to do after installing Linux Mint 19.1 Tessa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
administrollaattori
Level 15
Level 15
Posts: 5879
Joined: Tue Sep 03, 2013 4:51 am
Location: Finland
Contact:

Re: Chromium Browser Hijacker

Post by administrollaattori » Sun Aug 16, 2015 2:39 pm

Close Chromium and open Terminal and run

Code: Select all

mv ~/.config/chromium ~/.config/chromium.broken
After that open Chromium.

ron_o
Level 1
Level 1
Posts: 17
Joined: Wed Aug 25, 2010 7:05 pm

Re: Chromium Browser Hijacker

Post by ron_o » Sun Aug 16, 2015 2:46 pm

Pjotr wrote:Which third-party extensions have you installed in Chromium?

Off topic: isn't Chromium sandboxed by default?
That's what is strange. I have only 3 extensions and none were enabled. They might have come as default for the browser, for all I can remember. I only use Chromium for one thing and usually that's to buy things or if I have to sign up on some site. On FF I use a lot of privacy extensions which can cause havoc in that process.

I think Chromium claimed that each tab was sandboxed, however, that doesn't mean that a browser hijacker can't open a tab up for an ad, which is what happened here.

Apparently this is a huge problem for Chromium [ http://chrome.blogspot.com/2014/01/clea ... tings.html ] What surprised me was that I'm using a linux distro. One that I recently recovered from a crash so my system is new (but many config files, including Chromium, were copied to their respective directory. Sure, the root wasn't compromised, but it's possible that if I had paid for something with a hijacked browser my info. could have been compromised.

Ron

User avatar
JohnBobSmith
Level 4
Level 4
Posts: 338
Joined: Wed Nov 06, 2013 5:42 pm
Location: Canada

Re: Chromium Browser Hijacker

Post by JohnBobSmith » Sun Aug 16, 2015 3:10 pm

ron_o wrote: Apparently this is a huge problem for Chromium [ http://chrome.blogspot.com/2014/01/clea ... tings.html ] What surprised me was that I'm using a linux distro.
I am slightly surprised by the attack attempt/whatever it may have been, but I am not surprised at all that it worked on a Linux distro. Web browsers are, by design, often able to run cross platform, use similar means for communication, run cross platform scripting languages (javascript), and have bugs of varying degrees. What this means is that an attacker's javascript attack using HTTP exploiting bug 901554 couldn't care less about what OS you have. The code would run nearly identical across multiple platforms without any issues. The difference between Linux and Windows comes in when the attacker hoses your web browser but not much more, compared to the entire system going bunk. If the attacker gets your session cookie, your passwords, or other sensitive data then you may be in more trouble. As such I'd say change your passwords but otherwise don't panic. Re-setting chromium to factory defaults and removing all traces of previous cookies/history/etc. should clean up the mess.
Image
If you want to change the world, start by changing yourself.
Success is often 1% inspiration and 99% perspiration.
You get one shot at life, so live to the maximum, not the minimum.

Post Reply

Return to “Other topics”