undefined | Better HN

0 pointspogue9mo ago0 comments

What are these "quasi-malicious customized versions of Chrome" you're referring to?

0 comments

Edit: I should have said "Chromium", not Chrome. They are repackages of Chromium, usually with functionality to send browsing activity to a third party.

"Wave Browser" is the common one that comes to mind immediately. I have several flagged in the "endpoint security" software I support, though.

The workflow is: (1) User wants some software functionality they don't have, (2) they search-engine using keywords like "convert Word to PDF", (3) they find a program that promises to do the thing they want, (4) they download it and click thru any warnings because they "want the thing", and (5) they end up with persistent per-user malware installed in their "AppData" folder.

Melatonic9mo ago

Confused by that as well - what version of chrome can be installed without admin?

EvanAnderson9mo ago

It cannot. There are malicious third parties who have made distributions of Chromium that are fully functional browsers, installing in the user's AppData folder w/o Administrator rights, that have additional "functionality" like exfiltrating browsing history or displaying extra t

This is really what any Electron-based app is. It's just Chromium running out of the AppData folder. There's a whole ecosystem of "shadow IT" software that installs out of the AppData folder, meant to end-run IT and central control, that functions great w/o Administrator rights.

jlarocco8mo ago

I'm not doubting that there are malicious third parties distributing them, but Google themselves delivers Chromium that way:

https://download-chromium.appspot.com/

It's linked from the main chromium site:

https://www.chromium.org/getting-involved/download-chromium/

1 more reply

red_admiral8mo ago

This one is usually ok? https://chromium.woolyss.com/ It's sort of like official unofficial download place.

dfedbeef9mo ago

Edge? (joking)

j / k navigate · click thread line to collapse

0 comments

EvanAnderson9mo ago

Edit: I should have said "Chromium", not Chrome. They are repackages of Chromium, usually with functionality to send browsing activity to a third party.

"Wave Browser" is the common one that comes to mind immediately. I have several flagged in the "endpoint security" software I support, though.

Melatonic9mo ago

Confused by that as well - what version of chrome can be installed without admin?

EvanAnderson9mo ago

jlarocco8mo ago

I'm not doubting that there are malicious third parties distributing them, but Google themselves delivers Chromium that way:

https://download-chromium.appspot.com/

It's linked from the main chromium site:

https://www.chromium.org/getting-involved/download-chromium/

1 more reply

red_admiral8mo ago

This one is usually ok? https://chromium.woolyss.com/ It's sort of like official unofficial download place.

dfedbeef9mo ago

Edge? (joking)

j / k navigate · click thread line to collapse