Chrome MitM error

Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user's Internet connection.

A MitM attack is when an application installed on a user's computer or a local network intercepts the user's web traffic.

For the party performing the MitM attack, the hardest part is dealing with encrypted HTTPS traffic. Most MitM toolkits fail to correctly rewrite the user's encrypted connections, causing SSL errors that Chrome will detect.

Chrome will show an error when it suspects MitM attacks

The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan, a sign that someone is trying — and failing — to intercept the user's web traffic.

This includes both malware and legitimate applications, such as antivirus and firewall applications. The new Chrome error won't show up for all antivirus and firewall software, but only for those that do not rewrite SSL connections in a proper way, resulting in SSL errors.
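The heuristic described above, many SSL errors in a short timespan, can be illustrated with a sliding-window check over a connection log. This is an added example, not Chrome's code: the log format, the window length, the error threshold and the distinct-host requirement are all assumptions, since the article gives no numbers.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed tuning values: the article gives no numbers for Chrome's heuristic.
WINDOW = timedelta(seconds=60)   # "short timespan"
MIN_ERRORS = 5                   # "large number" of SSL errors
MIN_HOSTS = 3                    # assumption: one broken site is not interception

# Constructed sample log, one connection per line: "<ISO time> <host> <result>".
SAMPLE_LOG = """\
2017-09-11T10:00:00 news.example OK
2017-09-11T10:00:10 expired.example CERT_ERROR
2017-09-11T10:00:12 expired.example CERT_ERROR
2017-09-11T10:00:14 expired.example CERT_ERROR
2017-09-11T10:00:16 expired.example CERT_ERROR
2017-09-11T10:00:18 expired.example CERT_ERROR
2017-09-11T10:05:00 mail.example CERT_ERROR
2017-09-11T10:05:03 bank.example CERT_ERROR
2017-09-11T10:05:04 shop.example CERT_ERROR
2017-09-11T10:05:09 mail.example CERT_ERROR
2017-09-11T10:05:11 news.example CERT_ERROR
2017-09-11T10:05:12 news.example OK
2017-09-11T10:05:15 bank.example CERT_ERROR
""".splitlines()

def parse(line):
    """Split one log line into (datetime, host, result)."""
    when, host, result = line.split()
    return datetime.fromisoformat(when), host, result

def find_error_bursts(lines):
    """Return the times at which the error threshold is first crossed."""
    recent = deque()              # (time, host) of errors still inside WINDOW
    alerts, alerting = [], False
    for when, host, result in sorted(map(parse, lines)):
        if result != "CERT_ERROR":
            continue
        recent.append((when, host))
        while when - recent[0][0] > WINDOW:
            recent.popleft()      # drop errors older than the window
        hosts = {h for _, h in recent}
        burst = len(recent) >= MIN_ERRORS and len(hosts) >= MIN_HOSTS
        if burst and not alerting:
            alerts.append(when)   # report once per burst, not once per error
        alerting = burst
    return alerts

if __name__ == "__main__":
    for t in find_error_bursts(SAMPLE_LOG):
        print("possible interception software, threshold crossed at", t.isoformat())
```

In the sample, five errors from a single host with an expired certificate do not trigger a report, while five errors across four hosts within eleven seconds do.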

Sasha Perigo, a Stanford student, developed this new security feature while working as a Google intern.

Feature available for testing in Chrome Canary

According to the Chromium Development Calendar, Google will release Chrome 63 on December 5, bar any unforeseen events.

In the meantime, users can preview it via the Google Chrome dev branch, also known as Google Canary.

This option is not available by default in Chrome Canary, and a small trick is needed to make it appear in current distributions. Just follow the steps below:

Step 1: Find your Google Chrome Canary icon/shortcut and double click on it.
Step 2: Select "Properties" from the drop-down menu.
Step 3: In the "Target" field, add the following text "--enable-features=MITMSoftwareInterstitial" and hit "Save."

Chrome Canary MitM flag setup

Image credits: Sasha Perigo, Bleeping Computer
