Issue metadata
Sign in to add a comment
|
Shell Extensions Triggering Incompatible Applications Dialog
Reported by
alexar...@gmail.com,
Oct 11
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Steps to reproduce the problem: Chrome recommends uninstalling applications that have Windows shell extensions without providing a viable alternative. Even for the subset of extensions marked “Tolerated” due to presence on Approved shell extension list, any dependent modules these load still trigger the Incompatible Applications dialog. A system to register an application’s modules to be blocked ahead of this full blocking rollout in Chrome 72 is preferable to unconditionally showing an application with shell extensions as incompatible. 1. Install latest Norton Security with Backup product from https://us.norton.com/norton-security-with-backup-downloads-trial 2. Open Chrome 3. Right-click on a page in the browser and click “Save as…” to load shell extensions 4. Wait a few seconds for the module DB to update, then go to chrome://conflicts/ and see buShell.dll and/or NavShExt.dll loaded 5. Run chrome://inducebrowsercrashforrealz/ to ***crash*** the browser 6. Restart the browser to get a prompt for Norton Security being incompatible What is the expected behavior? Applications with shell extensions need a supported way out of this Incompatible Applications flow so Chrome doesn't prompt for them to be uninstalled. What went wrong? Injection into Chrome is done by Windows in this case. Chrome isn't handling all the cases around shell extensions being loaded, so a method to block these loads now is better than waiting for them to be blocked by default. Did this work before? N/A Chrome version: 69.0.3497.100 Channel: stable OS Version: 10.0 Flash Version:
,
Oct 19
,
Nov 1
Thanks for the issue... As per comment #0, Tried to reproduce the issue on latest chrome stable 70.0.3538.77 using Windows 10 with mcafee antivirus. As of now we don't have Norton Security with Backup product. Steps: ----- 1. Launched the chrome 2. Navigated to some site >> Right-clicked on a page in the browser and clicked “Save as…” and Waited a few seconds > saved the file 3. Navigated chrome://conflicts/ and see buShell.dll and/or NavShExt.dll loaded As we didn't find buShell.dll and NavShExt.dll in chrome://conflicts/ The issue seems to be related to Norton antivirus.Hence, requesting anyone from the inhouse team check this with Norton antivirus adding TE-NeedsTriageFromHYD label to it. Thanks..!
,
Nov 1
Note that this is currently Working as intended. We do not intend on building a registration mechanism, expanding the whitelist, etc. Rather, we are currently moving all shell operations to an external utility process where injection is allowed. This will prevent them from injecting into the browser process, and in turn prevent the warning from showing. Closing this as a duplicate of that issue. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by susan.boorgula@chromium.org
, Oct 11