Advice Request Anyone using Chrome's flags to increase security and/or privacy

Please provide comments and solutions that are helpful to the author of this topic.

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Are members using the beta features of Chrome browser by tweaking the about://flags settings?

Privacy enhancement
#disable-hyperlink-auditing
#reduced-referrer-granularity

Security improvements RC (which are available a very long time so they won't give problems)
#extension-content-verification (set to strict)
#enable-permissions-blacklist

Security improvements Beta (most are available since 2012, so on my PC stable for at least two years)
#enable-site-per-process (which I always use with the flag below to for performance and resource)
#enable-top-document-isolation (puts all isolated iframes together in stead of each in its own)
#disallow-doc-written-script-loads
#enable-framebusting-needs-sameorigin-or-usergesture
 

Mr.X

Level 8
Verified
Well-known
Aug 2, 2014
369
Tell me how it goes if you don't mind.
So far after several hours running Chrome with QUIC protocol, I see no negative side effects yet. Neither any noticeable improvement, perhaps due to my laptop is quite old and has low resources. In other words, I see Chrome working as usual. Maybe a computer powerful enough could see benefits.
 
5

509322

Hi @Lockdown

Are you referring to plugins in Chrome? I couldn't find the plugins when I type chrome://plugins

Google removes Plugin controls from Chrome - gHacks Tech News

If yes, then enabling Appcontainer in Chrome has any effect on Emsisoft products or vice versa?

Thanks

Enabling Chrome to run in the AppContainer with EAM installed will cause Chrome plug-ins to fail to load. When you disable AppContainer they still fail to load. You will have to uninstall EAM to reset AppContainer to the default (OFF).

@Umbra reported this to Emsisoft many months ago.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
So far after several hours running Chrome with QUIC protocol, I see no negative side effects yet. Neither any noticeable improvement, perhaps due to my laptop is quite old and has low resources. In other words, I see Chrome working as usual. Maybe a computer powerful enough could see benefits.
Enabled it but i doubt i will notice anything.
Edit: Enable this and chrome://flags#enable-brotli

I can notice a significant improvement in loading speed. Don't ask which did it because i am too lazy to check if none of them creates any issues.
 
Last edited:

Mr.X

Level 8
Verified
Well-known
Aug 2, 2014
369
Enabled it but i doubt i will notice anything.
Edit: Enable this and chrome://flags#enable-brotli

I can notice a significant improvement in loading speed. Don't ask which did it because i am too lazy to check if none of them creates any issues.
Lucky you. Even enabling Brotli Content-Encoding, I can't notice any improvement in my side. Again, it's my own scenario which is not able to take advantage of those tweaks. That's for sure.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
Lucky you. Even enabling Brotli Content-Encoding, I can't notice any improvement in my side. Again, it's my own scenario which is not able to take advantage of those tweaks. That's for sure.
The connection matters for sure. If you are on adsl you will not notice it because the delay of adsl will be a lot bigger than the improvement so it will not show up. Atm i am on a good fiber connection with less than 10 ms on local servers. I am pretty sure if you time it with an addon you will have an improvement but it's probably irrelevant.
 

Mr.X

Level 8
Verified
Well-known
Aug 2, 2014
369
The connection matters for sure. If you are on adsl you will not notice it because the delay of adsl will be a lot bigger than the improvement so it will not show up. Atm i am on a good fiber connection with less than 10 ms on local servers. I am pretty sure if you time it with an addon you will have an improvement but it's probably irrelevant.
I'm on a cable connection with obsolete technology infrastructure. Is there anything I can do for myself in this case?
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
I'm on a cable connection with obsolete technology infrastructure. Is there anything I can do for myself in this case?
Just keep them on. They should help even if it's just a tiny bit. Especially the brotli thingy. The other one i am not sure because apparently it's still not finished work.
 

given

Level 2
Verified
Apr 2, 2017
69
have anyone here enable the " Experimental QUIC protocol " in Chrome://flags ? just found out that "Experimental QUIC protocol " is speeding up a bit way faster in browser,,you guys should try it urself out :) and the "Experimental Canvas Features " also :)
 
Last edited:
F

ForgottenSeer 58943

I use command line switches, not flags.

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-extensions-with-background-pages --dns-prefetch-disable --no-pings --disable-logging

QUIC is UDP over 80/443 which bypasses many security protocols and content filtration. As such, BY DEFAULT most quality UTM/NGFW/FW block QUIC by default. Many proxy firewalls watch for TCP 80/443 so security can be compromised/bypassed with QUIC in some cases. Always best to disable it IMO or block it from your UTM appliance if you can. Similar to how you should disable IPv6 over IPv4 protocols (Teredo, etc), there are security risks to these.
 
Last edited by a moderator:

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
How can they be more secure if they get the latest security patches a while after Chrome?
Yes, more secure when it comes to privacy. They don't have the latest security patches - but they're much less spying.
Good examples are Slimjet, or CENT Browser - look in the Settings .. you have many privacy settings under the hood ... then I have more confidence.

Eg CENT has natively: Disable WebRTC, Prevent my local IP address from leaking by WebRTC, Disable HTLM5 canvas fingerprinting, Disable screenshots by extension API ..

Then SLIMJET Block cross-domain HTTP referrer, Block social network javascript on third-party websites, Block Google ads on third-party websites, Replace indirect link in search engine results with direct link to original site .. "Do Not Track" requests too ..

- The remaining ones are doing my extensions.

So I use these Chromium forks, NOT Chrome.
I don't want to hurt you, sorry and so on, ZeroDay!
 
Last edited:
  • Like
Reactions: Sunshine-boy
F

ForgottenSeer 58943

I use Chromium forks not command line switches, or flags.:)
- too boring these enhancements, changes, no time for me

1) Actually if you do some investigation, you might find some of these forks are less secured. Install them, then grab packet sniffers and get back to me on what you see. Of course I already know the answer because I have already done this. It's great one popular fork doesn't send telemetry to Google, but do you feel safer with all of the crap it sends to Quantcast?

2) Can you guarantee integrity of systems those forks are compiled on? What if they are compromised?

3) How about fast patching and exploit plugging, are they on top of that?

4) Cent Browser, playing off the CentOS is cute. Do you know who they are? No, you probably don't because they don't disclose who they are. Just a random Gmail account. I'll tell you who they are; (you trust a shell holding company owned by the telemetry wing of Alibaba?)

Nexperian Holding Limited
Le Jia International No.999 Liang Mu Road Yuhang District
Hangzhou Zhejiang 311121 China

5) Slimjet? From Flashpeak? So you trust a browser programmed by a Chinese Ex-Pat:
1383063_619519541434102_2084178622_n.jpg

from THIS location?

flashpeak.png


5) Since those command line switches work with most forks, you probably should STILL use them.

6) WebRTC is nonsense, nobody cares about it, virtually everything blocks it. Even firewalls are adding SPI to block RTC local subnet disclosure by default.
 
Last edited by a moderator:

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
ForgottenSeer 58943 I really enjoy reading your comments!a lot of research by yourself!thanks for sharing your information with us:p
Is it safe to disable QUIC protocol?Also, what is your opinion on Yandex browser?
 
Last edited:
F

ForgottenSeer 58943

ForgottenSeer 58943 I really enjoy reading your comments!a lot of research by yourself!thanks for sharing your information with us:p
Is it safe to disable QUIC protocol?Also, what is your opinion on Yandex browser?

QUIC can be disabled. It's useless. Sure, it may take 0.1ms more to load Youtube or Google, but who cares. You shouldn't shoe horn TCP 80/443 into a UDP parallel protocol for many reasons, Google is being naughty. Realize most inspection for WF is looking at TCP 80/443 not UDP. This is like trying to shove over-sized packets through 53 to bypass scanning. Nope. There is a reason corporate/enterprise security gear block QUIC by default (and so do others)

I like Yandex Browser, easily the best fork if you like forks.
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
QUIC can be disabled. It's useless. Sure, it may take 0.1ms more to load Youtube or Google, but who cares
I just disabled it for the peace of my mind I also don't care about that 0.1 ms.
WF is looking at TCP 80/443 not UDP
I didn't know that thanks.
I like Yandex Browser
I always have the last beta version of Yandex but their chrome version is behidne the offifela veriosn! like i have the 61.0.3163.1512 version right now when the last is 62.0.3202!
They also have a bug bounty page!
The Yandex Bug Bounty
Keep us posted thanks<3
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top