Unable to reproduce the issue on Win-10 using chrome reported version #67.0.3396.79 and latest canary #69.0.3453.3.

Attached a screen cast for reference.

Following are the steps followed to reproduce the issue.
------------
1. Ran chrome using --proxy-pac-url="file:///c:/Users/user/a.pac"
2. Ran in console:
function FindProxyForURL(url, host) {
  return "PROXY test.example.com:9090";
}
3. Observed that undefined got returned.

lewix.liu@ - Could you please check the attached screen cast and please let us know if anything missed from our end. Also please check the issue on latest canary #69.0.3453.3 by creating a new profile without any apps and extensions and please let us know if the issue still persist or not.

Thanks...!!

Deleted: 851303.mp4 436 KB

	851303.mp4 436 KB View Download

Hi krajshree,
Please refer to the attached 3 png files.
1.png shows the version of chrome, cmd line setting and the contents of the a.pac file.
2.png shows the actually proxy setting in the page "chrome://net-internals/#proxy"
3.png shows the event when visit a website. I got A net error "-326" (ERR_PAC_STATUS_NOT_OK), then the proxy setting fall back to DIRECT, no matter a true or fake proxy used in the a.pac file

BR
Lewix

Deleted: 1.png 113 KB

	1.png 113 KB View Download

Deleted: 2.png 52.6 KB

	2.png 52.6 KB View Download

Deleted: 3.png 168 KB

	3.png 168 KB View Download

Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I'm having trouble reproducing as my enterprise settings are overriding the PAC settings.

@krajshree: The JS is meant to go in a file (c:/Users/user/a.pac), not in the console.

You are using --winhttp-proxy-resolver which is unsupported (Issue 644030), and incompatible with file:// URLs.

Hi eroman,
Sorry, I am not sure of "using --winhttp-proxy-resolver",  Could you explain what that means in this context for me?

Do you mean "--proxy-pac-url"? And any alternatives?

Screenshot 1.png shows that you are launching Chrome with the command line:
  chrome.exe --winhttp-proxy-resolver --proxy-pac-url=file:///C:/a.pac

Instead use:
   chrome.exe --proxy-pac-url=file:///C:/a.pac

Hi eroman,
I do run chrome using "chrome.exe --proxy-pac-url=file:///C:/a.pac"

Deleted: 4.png 88.8 KB

	4.png 88.8 KB View Download

Hmm.

That sounds like there is third party software/malware that is modifying the command line arguments.

Can you follow the instructions I left at https://github.com/FelisCatus/SwitchyOmega/issues/1474:

(1) Use Process Explorer to confirm whether the application was in fact launched with those command lines (as opposed to an internal modification to Chrome that makes it assume those switches).

(2) Try launching Chrome through cmd.exe, and see if it also gets that switch added.


We have seen spyware do such things by patching the windows shell (so launching from the GUI would add certain command line switches). However those command line switches were intended to disable security features in Chrome. By comparison, --winhttp-proxy-resolver seems like a strange one for malware to be setting, so I would be interested to understand where this is coming from and why!

As a historical note, the spyware RelevantKnowledge (rlls.dll) would do IAT patching of kernel32!CreateProcessW (in explorer.exe), in order to modify the behavior of shell-execute for chrome.exe to add the switch --use-system-ssl. It was doing this and some other stuff (like side-loading a content script), as a means of intercepting HTTPS traffic from the browser.

But as it relates to your issue, the end result was that chrome would launch with a different set of command line flags than you had specified.

Certainly the same sort of thing could be happening here. Although it is less clear why they would choose to add that flag in the first place...

Thanks eroman,
Yes, I comfirmed the winhttp-proxy-resolver comes from 3rd software/malware.
I changed the filename chrome.exe to a.exe, and then the flag disappeared and the parameter and extenstion worked well.
Though I am still not sure which it exactly comes from, if it's from some enterprise setting, is there any solution or suggestion for this situation?

Thanks for following-up!

Getting to the bottom of where it is being injected from would require some local debugging on the machine.

Is this a personal computer, or part of an enterprise deployment? If it is part of an enterprise administrated group you can ask your IT department. It could even be that they are the ones that have patched the system to do this.

If it is your personal computer I would start by looking at the installed software. Also running Chrome's cleanup tool might identify problems (https://support.google.com/chrome/answer/2765944).