• Home
  • IT
  • Google to Block Third-Party Software on Chrome

Google to Block Third-Party Software on Chrome

If you have trouble with Google’s Chrome browser crashing when you are using it, you are not alone. Windows users have been complaining of this issue for a while and Google’s tech team has decided how to handle the problem. In most cases, Windows users have other programs running while running Chrome, such as antivirus and accessibility software. Unfortunately, these programs inject code into your Chrome web browser, causing it to crash. Google states that Windows Chrome users have 15 percent more crashes than other users.

Google’s Solution

Google has come up with a solution to reduce the number of Chrome crashes for Windows users. Google announced on Thursday, November 30, 2017, that its solution to Chrome crashing from injected code was to block third-party code completely.

In July 2018, Chrome 68 will begin blocking third-party software from injecting into Chrome processes.

Therefore, Windows Chrome users will have to make a few adjustments before these changes go into effect.

Problems with Code Injection

The reason there have been so many issues with Windows Chrome crashing is that the program interprets injected code as an attack. Naturally, Chrome responds to an attack by shutting down and protecting itself.

Injected code can cause vulnerabilities in a program which can sometimes be very hard to find. Code injection is the term used for all attack types that inject code into a program which is immediately interpreted and executed. These attacks take advantage of how a program handles untrusted data, made possible because the program doesn’t have a proper data validation process. Some examples of instances when this can happen occur with allowed characters, amount of expected data or data formatting.

Code injection differs from command injection as an attack because the attacker is limited by the functionality of the injected code. For instance, if an attack injects Javascript code into a program and it executes, it is limited by what Javascript is able to perform. Command injection instead leverages existing code to execute commands.

There are numerous risk factors to software with the possibility of code injection. It can create vulnerabilities which might be easy to find, but can also be very difficult to find. If someone wants to exploit these vulnerabilities, they can create serious security risks including loss of accountability, integrity, availability and most concerning–confidentiality.

These risks are not ideal for most companies, and even less so for companies that need to keep their work highly confidential.

Trading One Problem for Another

You may think that while blocking third-party software from injecting code into the Chrome browser is great for Google, it just creates another issue for you, because you need that antivirus program to keep your computer safe from nasty viruses. Google realizes that no one wants viruses; however they want to reduce the significant amount of crashes that Windows Chrome users are complaining about. They are working to keep viruses and other injected code out of Chrome.

Google will begin block outside program code, and instead recommends that users add Chrome extensionswhich are completely compatible with Chrome. Another solution recommended by Google is using Native Messaging to add code to Chrome. Since both of these codes are designed to work with Chrome, you should have significantly fewer crashes. Google’s timetable is generous, so you will have plenty of time to replace your current third-party add-ons with Google-compatible software.

Chrome Update Timetable

This update to the Chrome browser will not happen overnight. You will have time to find other solutions to prevent viruses and replace other third-party software. The change will occur in three phases beginning in April 2018.

  • April 2018: Chrome 66 will start showing users a warning each time Chrome crashes. The warning will let them know the crash was caused by an outside program injecting code into Chrome. The alert will instruct them to remove the program or update it before re-starting Chrome.
  • July 2018: The next phase starts in July, when Chrome 68 will begin blocking all third-party software from injecting code into Chrome’s processes. If blocking prevents Chrome from starting, Chrome will relaunch and allow the code injection while showing a warning which asks the user to remove the outside software.
  • January 2019: The final phase will start in January, when Chrome 72 will block third-party code injections without the warning.


Google has noted a few exceptions to the rule. While the majority of software that injects code into the Chrome browser will be blocked, Input Method Editor software, accessibility software and Microsoft-signed code will not be affected. Google does recommend that developers of these types of software move to using Chrome extensions or Native Messaging. Developers are encouraged to use Chrome Beta to test their programs before updating.

Whether you are a developer or just a regular user, you might find these changes to be a bit of a nuisance. But, having 15 percent fewer crashes while using Windows Chrome will definitely be worth the changes. Take the time to investigate any software changes you need to make before July 2018. Once your new Chrome extensions are added, you won’t get the warning sign that starts with Chrome 66.

Google is using this pathway of improving Chrome experience for all Windows users. Better functionality is a benefit to individuals and companies that use Chrome.

Please contact us with any questions about this change to the Chrome browser or any other software issues that you have questions about including antivirus or accessibility software, Chrome extensions or Native Messaging.


  • 01/09/2018
  • IT