Chrome Extension: document.querySelector(‘button’).click() is not working on button created on React

I want from extension to click the button but button click event is not working as if i use JS DOM Methods:

getElementsByClassName('button')[0].click(); // Not working //or document.querySelector('button').click(); // Not working   

The problem is that button is created either on “React.js“, so i think that causes not to happen the button click event.

Please suggest me any solution for this problem.

Thanks.

“View frame source” is suddenly an option on every website loaded with Chrome

I’m running Google Chrome Version 83.0.4103.61 (64-bit) on Windows 10, and I’ve suddenly noticed that never mind what website I visit, when I right click “View frame source” is an option.

This strikes me as odd, as that option is usually only available when you’re wanting to view the source code of an iFrame. Whether I click “View frame source” or “View page source” the source code and URL are the same.

But why does Chrome suddenly think that any website I load is being displayed in a frame? Is this cause for concern or am I just being paranoid?

Chrome extension differences: Urban Shield VS Urban Free VPN proxy Unblocker

What’s the difference between these two Chrome extensions, which provide VPN functionality for browsing via Chrome:

Urban Shield: https://chrome.google.com/webstore/detail/urban-shield/almalgbpmcfpdaopimbdchdliminoign?hl=en

Urban Free VPN proxy Unblocker: https://chrome.google.com/webstore/detail/urban-free-vpn-proxy-unbl/eppiocemhmnlbhjplcgkofciiegomcon

They are both developed by the same company, but I couldn’t find any explanation regarding the differences between the two.

Firefox and Chrome load resources with max-age differently?

I’m trying to troubleshoot something on the client and I believe it has something to do with the the browser caching requests.

I’m loading the same page on Firefox and Chrome (Canary). When I look in the network tab, I see different behavior.

There server response has a max-age set for cache control. I see that Chrome always loads from (disk cache) if max-age has not been reached. But for Firefox, I’ll see it load the resource not from cache once in a while before max-age has been reached. Also I’m seeing 304 ‘not modified’ in Firefox, but not in Chrome.

Can someone help explain what I’m seeing?

Here are some screenshots of the Network tabs… Firefox network tab Chrome network tab

Did changes in Google Chrome 80 weaken cookie and password encryption?

According to Arun on StackOverflow “Starting Chrome 80 version, cookies are encrypted using the AES256-GCM algorithm, and the AES encryption key is encrypted with the DPAPI encryption system, and the encrypted key is stored inside the ‘Local State’ file.”. (https://stackoverflow.com/questions/60230456/dpapi-fails-with-cryptographicexception-when-trying-to-decrypt-chrome-cookies/60611673#60611673).

Now at first glance this looks like an improvement rather than passing cookies to Windows Data Protection API (DPAPI) directly they’re encrypted with a better algorithm and only the key is protected through the API. Stronger encryption is used and Windows Data Protection API encrypts the key. Unfortunately the protection scope is changed from LocalUser to LocalMachine.

It appears that this means if a user were to copy the hard drive by plugging it into another computer they would no longer need your Windows account password to decrypt this key in the local state file with the Windows Data Protection API. In theory this would allow another user on the system to steal passwords and cookies weakening security protections that existed further.

I put together a code demo with Brave Browser demonstrating this risk (see: https://github.com/irlcatgirl/BraveCookieReaderDemo). It’s easy enough to swap paths of SQLite and Local State files for Chrome.

According to https://docs.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata#parameters

Typically, only a user with logon credentials that match those of the user who encrypted the data can decrypt the data. In addition, decryption usually can only be done on the computer where the data was encrypted. However, a user with a roaming profile can decrypt the data from another computer on the network. If the CRYPTPROTECT_LOCAL_MACHINE flag is set when the data is encrypted, any user on the computer where the encryption was done can decrypt the data. The function creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted.

Due to a change in scope in Windows DPAPI did this change harm Chrome’s security or am I misinterpreting my findings?

Hugoclose.com malware is causing issues in google chrome

In my MacBook Air, whenever I search something in google, some adds are appearing out of no where and they’re hiding the actual search results from google. When I checked the developer tools, I found that they were coming from a http request to findsearchresults.info which is being called from another js file from hugoclose.com https://hugoclose.com/22c1fbfd0fc1969766.js. Can anyone help me fix this issue?

enter image description here

Chrome: why is invalid certificate usage for resources loaded from localhost disabled?

In chrome there is a flag called: allow-insecure-localhost. As far as I can tell all it does is block localhost connection over tls if the certificate is self signed.

Why is this feature turned off by default? Does it affect regular users in any way (regular user = someone who is not developing something). Are there any serious cases of localhost connection being used malicious that could have been prevented by having this option enabled?

Why does Chrome show 304 in Response Headers section but 200 in Status code?

Might be a silly question, but I haven’t found any clear answer yet. Why does Chrome show 304 in Response Headers section but 200 in Status code? Why doesn’t it show 304 in Status code (BTW, that is NOT 200 memory cache.)?

If it shows 200 I can’t know it is actually 304 without looking into request detail.

enter image description here

Compared to Firefox (the same request), 304 in status code.

enter image description here

Chrome process sending large outbound data 2.83GB [closed]

I Observed a large amount of data been send from one of our machines , after investigation through EDR i found out that chrome.exe process is initiating this connection toward presence.api.drift.com the total amount during 4 hours is 2.83GB.

I’m trying to pinpoint why chrome is doing this I’m afraid that its data ex-filtration , Any suggestion can be helpful.

Thanks