Dave "it aint the heat, it's the humidity" Labrecque
Becket, Massachusetts
Hi Dave,
You've described two different things:
1. Browser redirect in Chrome on your home computer, also happening on your mom's computer when logged into your Chrome account.
2. Browser redirect in Chrome and also in Firefox on your home computer.
These are two different attack vectors.
1. would be some form of extension or hack of Chrome's cloud preferences. This should not affect Firefox, or any other browser on your computer.
2. would be a change to your DNS or proxy settings on your computer. This would affect all internet traffic on your computer, but should not affect your mom's computer (unless it's a change in proxy settings in Chrome itself).
---------------------------------------
Philip G.
Right? Thus my disclaimer re: confirming the Firefox thing before I/we get too invested in that "vector," as you say.
The latest: it hasn't happened in a couple days. Have to wonder if my recent Malwarebytes scan, which found and quarantined a bunch of PUPs, killed it. That would seem surprising, since the last scan I ran a couple weeks back found/quarantined a bunch of PUPs, too, yet didn't cure the issue at that time.
It also occurs to me that I may have enabled some real-time browser protection options in Malwarebytes recently. So maybe that's the ticket.
Last edited by Dave Labrecque; 08-17-2021 at 06:16 AM.
Dave "it aint the heat, it's the humidity" Labrecque
Becket, Massachusetts
Dave, I'm kind of disappointed that the problem went away (for my curiosity, not for you). I was going to suggest that you install the Brave browser, and then login and see whether that behavior changed. Ah, well...
One thing that came to mind (too late...) is that different ads would be coming to your Google profile than your mother's. If one of them contained a slow re-direct then it would happen to you, but not to her - even on the same machine. Maybe now that ad has finished its tenure. Brave might have helped sniff that out because it's probably the safest browser, privacy-wise, without having to do anything yourself, for things like that.
I hasten to point out (in all its uselessness at this point) that when one operates Chrome sync'd to a given Google account, that user's extensions load automatically. So, I contend that the extension theory still holds promise. Assuming I hallucinated the Firefox Event of '21.
It's pretty cool to be able to open simultaneous Chrome windows under different accounts, each having its own collection of extensions active.
Dave "it aint the heat, it's the humidity" Labrecque
Becket, Massachusetts
This assumes that the trouble-making extension was referencing Google's database of my preferences. But it could just as easily (or easierly?) have been using some other database, like the one its paying clients enjoy being a part of. I'm just throwin' stuff against the wall, here. The windows that popped up did seem to be for vendors selling stuff related to where I was actually trying to go.
I would hope Google would vet anybody paying for access to their data on me. But who knows, right?
Dave "it aint the heat, it's the humidity" Labrecque
Becket, Massachusetts
I guess I don't think of something temporary like that as an extension - since it doesn't become resident locally on the browser for longer than the one use. But, maybe in the meantime, they've inherited the extension concept and then modified it. Might have been easier to re-use that code and functionality. But it would certainly fill the bill for explaining why yours and your mother's account experience are different. From the way you describe it, it's essentially code that is downloaded every time you login that disappears when you close the browser. If they load code just for you, they can certainly load advertisements just for you.
And, I doubt that Google vets every ad that appears in one of their applications. I don't think that actual human beings are involved in that process. I can imagine them programmatically watching every ad in real time for content though. I haven't ever taken out an ad from Google. But, from what I have gleaned, it doesn't involve putting on a suit and talking to an agent. Whoever might have put one over on them temporarily. Or - it's also possible that the functionality you have chosen (which is downloaded) happens to be located somewhere else that requires a re-direct.
FWIW, opening a Chrome browser window for any account is pretty instantaneous, so my guess is that the extensions are installed and kept on the local computer rather than downloaded each time. This article seems to confirm that. Or maybe I'm taking your statement too literally.
I'm pretty sure that's how it works. It usually takes several seconds for the pop-up window to populate with content, all the while the words, "Redirecting, Please Wait..." displaying at the top of the window. Way different than a typical Google-sanctioned experience, I think. Seems to have the tell-tale, clunky tells of an illegitimate actor. Not unlike the way we recognize email fraudsters because of their bad grammar or poorly implemented, stolen logo graphics.
Dave "it aint the heat, it's the humidity" Labrecque
Becket, Massachusetts
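Added example, not part of any post in this thread: since the extension theory depends on what is installed in each Chrome profile on disk, this Python sketch reads every `manifest.json` under a profile's `Extensions/<id>/<version>/` folder and flags extensions that request site-wide access. The sample profile, extension names and IDs are constructed for the demo, and the `BROAD` list is an assumed review heuristic; to audit a real machine, pass `audit_profile` the path of a profile folder (for example `Default`) inside Chrome's User Data directory.

```python
import json
import tempfile
from pathlib import Path

# Permissions that let an extension see or alter navigation on every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
         "tabs", "webRequest", "declarativeNetRequest", "proxy"}

def audit_profile(profile_dir):
    """Return one record per extension under <profile_dir>/Extensions."""
    records = []
    pattern = "Extensions/*/*/manifest.json"  # <id>/<version>/manifest.json
    for manifest in sorted(Path(profile_dir).glob(pattern)):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest
        declared = list(data.get("permissions", []))
        declared += data.get("host_permissions", [])  # Manifest V3
        for script in data.get("content_scripts", []):
            declared += script.get("matches", [])
        perms = {p for p in declared if isinstance(p, str)}
        records.append({
            "id": manifest.parent.parent.name,
            "name": data.get("name", "?"),
            "version": data.get("version", "?"),
            "broad": sorted(perms & BROAD),
        })
    return records

def build_sample_profile(root):
    """Write two constructed extensions (not real ones) into a fake profile."""
    samples = {
        "a" * 32: {"name": "Notes", "version": "1.0", "manifest_version": 3,
                   "permissions": ["storage"]},
        "b" * 32: {"name": "Coupon Helper", "version": "2.3", "manifest_version": 3,
                   "permissions": ["tabs", "webRequest"],
                   "host_permissions": ["<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / "Extensions" / ext_id / manifest["version"]
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(root)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_profile(build_sample_profile(tmp))

if __name__ == "__main__":
    for rec in demo():
        print(rec["id"], rec["name"], rec["version"], rec["broad"] or "-")
```

A flagged extension is only a candidate for review, since many legitimate extensions request the same access. Names that appear as `__MSG_...__` are localization placeholders resolved from the extension's `_locales` folder.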
Yeah - I see. The extensions then sort of become a group of libraries that are available for the use of whoever is using the machine and needs it - but aren't necessarily used at all. So, your mom's machine now has a copy of whatever it is that got downloaded for you that she just doesn't use. More sophisticated than the usual extension (in which whatever extension has been installed becomes 'the way it is' for whoever uses that browser thereafter).