Now Google Chrome warns if your browser has been hijacked

Chrome browser hijackBrowser hijacking is a big problem.

I've lost count of the number of times that friends and family have asked me to take a look at their PC "because it's acting funny", only to discover that their browser has been meddled with by something like Babylon Toolbar, CoolWebSearch or Conduit Search.

Browser-hijacking software like these are often bundled with third-party applications, and can be installed at the same time if the user isn't careful, changing your browser's homepage, displaying irritating hard-to-remove pop-up adverts, or redirecting search queries and displaying sponsored links all with the intention of earning more revenue for the people behind them.

And, as if that weren't irritating enough, browser hijacking toolbars and add-ons are often very complicated to permanently remove from a Windows computer - even modern anti-virus software often struggles to fix the problem, leaving victims to either download specific clean-up tools or follow complicated step-by-step procedures published on internet forums.

So I was pleased to read the latest blog post from the Google Chrome team, who explained that Chrome would be "prompting Windows users whose settings appear to have been changed if they’d like to restore their browser settings back to factory default."

Chrome hijack detected

Reset altered Chrome settings?

Chrome detected that your browser settings may have been changed without your knowledge. Would you like to reset them to their original defaults?

According to Google, Chrome should notice that your browser's settings have been changed - and give you an easy way (thankfully it's the default) to reset them if the alteration wasn't authorised by you.

Of course, resetting your browser settings does mean that it will lose other changes you might have made:

Note that this will disable any extensions, apps and themes you have installed. If you’d like to reactivate any of your extensions after the reset, you can find and re-enable them by looking in the Chrome menu under “More tools > Extensions.” Apps are automatically re-enabled the next time you use them.

Finally, resetting your browser's settings does not necessarily mean that you have succeeded in removing the adware which messed with your settings in the first place - these typically survive rebooting, and the hijack could occur again.

But at least Google is doing something to make life a little harder for the browser hijackers, and perhaps more members of my family and circle of friends will realise that something strange is going on with their browser.

Features like this, combined with users remembering to follow best practices, being careful about what they install and keeping their anti-virus software and security patches updated, help make the internet that little bit more of a safer place.

Tags: , , , , , , , , , ,

Subscribe to the free GCHQ newsletter

, , , , , , , , , ,

Leave a reply

5 Comments on "Now Google Chrome warns if your browser has been hijacked"

Notify of

Sort by:   newest | oldest | most voted
Steve Lyons
Steve Lyons
February 4, 2014 12:15 pm

Noticed this the other day when trying to remove one of these browser hijackers from no.3 sons PC. Chose not to reset to factory defaults, only wanted to put home page back to Google for him (after jumping through all the various hoops to remove the crapware!).

Andrew Mitchell
February 4, 2014 8:06 pm

Any thoughts on how likely this feature would be to trigger a false positive?

A smart 19 year old (lol)
A smart 19 year old (lol)
June 6, 2015 11:55 am

If you practice common sense while on the internet there is no need for any anti-virus software outside of ad block. The majority of it has a high price tag, and they all have a decent tax on a CPU even running in the background (or a huge tax on the cpu, looking at you Norton..) They don't actually do anything you cant do in one google search and you can very simply diagnose the things running on your computer using the task manager.. yeah this article was good but anti virus software isn't. something to consider

Michael Dardar
Michael Dardar
February 25, 2016 6:27 pm

My Google Chrome browser has been hijacked by a redirectional virus that redirects Facebook to, YouTube to and IMDB to! About a year ago this happened but it included dictionary sites, and it was caused by I found help that time online–adding at the bottom of the host file in C:\Windows\System32\driver\etc\.

I am in China and use SSLedge Falcon Proxy. I used Spyhunter and Advance System Protection but they didn't identify this problem. In fact, they both recognized each other as malware!