Users in a company that I work for have access to disable company managed extensions when they are in incognito mode.
For eg: a user can disable the DLP solutions through incognito browser
Are there any ways to enforce the extensions to remain enabled in incognito mode and prevent users from disabling the option?
PS - posted it already on the chrome community platform. No response
Related
These websites were working before and suddenly after a restart of my AWS Workspaces these websites are returning below error on all browsers. I have re-installed IIS and also deleted the files from C:\inetpub\history. When i run the same website from Visual Studio it works but the url would be like http://localhost:29740.
This site can’t be reachedThe webpage at http://localhost/xxx might be temporarily down or it may have moved permanently to a new web address.
ERR_CONNECTION_ABORTED
Are you using chrome browser? there are many reasons for this error, such as the website or service you are trying to access does not support the SSLv3 protocol (Secure Socket Layer Version 3 Protocol), some third-party program like your antivirus or an extension install on to your browser might be interrupting your connection to the website.
Before trying any fixes, try to access the same website from a different browser and preferably a different connection. Try to access the website from the browser in Incognito mode may help too. But if you still encounter this error, here is what you can do to fix it.
Disable SSLv3 in Google Chrome:
First, add a Chrome shortcut to the desktop, then right-click the Chrome desktop shortcut, select Properties, and click the Shortcut tab as below.
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –ssl-version-min=tls1
Disable Antivirus and Firewall
In the System tray on the right corner of your taskbar, right-click on the icon of your Antivirus and then click on the option that refers to disabling your antivirus protection temporarily.If prompted, set the duration of antivirus to be disabled as per your choice.You may temporarily disable Windows Defender in you use iton Windows 10.
Now, you can check if your issue is resolved or not. Additionally, you can disable your Windows Firewall protection too. This is due to the fact that the Windows Firewall monitors and authorizes or denies and inward or outward connection from your computer.
Now, you can check again if your issue is resolved or not.
Reset Google Chrome
To reset Chrome browser, make sure that Google Chrome is not running anywhere in the background using the Task Manager.Now, hit the WINKEY + R combinations to open Run and then navigate to the following path,
%USERPROFILE%\AppData\Local\Google\Chrome\User Data
Now, select the folder named as Default and hit the Shift + Delete button combinations and then click on Yes for the confirmation prompt you get.
After deleting the Default folder, open Google Chrome and click on the Menu button denoted by three verticle dots in the top right corner.Then, click on Settings. In the Settings section, scroll down and click on Advanced to reveal the Advanced Settings.
Now, scroll down to the Restore Settings to their original defaults button and click on it.Click on Reset, and this will reset your Google Chrome browser.Now check if you issue is fixed or not.
Reinstall Google Chrome
If all the methods that are mentioned above do not work properly, the last and the ultimate fix would be reinstalling Google Chrome.
Apart from all the other typical security best practices I'm wondering about this, since I lately read some articles talking about how browser extensions can spy anything their user does. So that we shouldn't trust them.
Therefore in order to give users and additional layer of protection should I process all users credential and sensitive info inside an iframe inside my webpages?
Can content inside a sandboxed iframe be read/spied by browser
extensions?
Yes
Could I use iframe to secure user credentials?
Quick answer, no.
When a user installs a chrome extension the extension can do basically anything in the website to access the user credentials. The extension has also access to the iframes that the page generates.
My proposed solutions to overcome this two issues and keep the website feel "secure" are the following:
If the end goal is to secure the content that your user will put in the website, and by no mean you want to let the user put content if there are other kind of extensions running in the page, what you can put is some kind of pop up in the page blocking the access to the user until he is accessing the website without extensions.
Another solution you could propose to the user is to go incognito mode, as there are many options to disallow extensions in incognito without having to force him to uninstall all of the extensions that he has on his browser. This could also make less users leave your page, as if you force him to uninstall of the extensions on his browser it might make him leave your page if it's not a clear enough reason for him.
If you do know which are the extensions that shouldn't be blocked or prevented because they are harmful or known to have some kind of shady behaviour, what you can do is checkout if the user has them installed with this solution Checking if user has a certain extension installed and then print a message to him saying he can't continue until he uninstalls those extensions.
I have noticed on some computers with google chrome, the option to allow access to the users media device (webcam or microphone) is not enabled. However I am speaking more to getting chrome to even prompt the user to 'allow'. Personally, my chrome Version 42.0.2311.90 (64-bit) works great. However, I have encountered others unable to even see the popup box to allow/block.
This is what shows:
However, on those computers in question, even after setting this option to 'ask for access', the browser when the page is refreshed does not record this option and just returns to the option to 'continue blocking'. Even inside of he advanced privacy settings, the option to ask for access is selected. Is there a security setting in the browser that needs to be set?
I have developed an extension which is to be installed by enterprise policy. I want this extension to always be active, even in Incognito mode. I see that the policy setting IncognitoModeAvailability allows me to either:
1. Never allow Incognito mode
2. Always force Incognito mode
3. Allow user to choose Incognito mode, which also allows user to choose if extension is to be functional in Incognito mode
Is there a way under Option 3 above to force the "Allow in incognito" checkbox to be checked, along with graying out the checkbox so that the user cannot prevent my extension from working in Incognito mode?
You can't automatically activate incognito mode for Chrome extensions. Users need to manually allow an extension to run in incognito mode. To see: How can I enable my chrome extension in incognito mode? and Can I run extension in incognito mode by default?
When i try to open our company's SharePoint Portal using Google Chrome or FireFox from Mac machine, log-in popup keeps prompting infinitely, i tried Domain\Username but still asking for user name and password, it works only with Safari but not Chrome nor FF, Please let me know why me and everyone using MAC is not able to access SharePoint Portal.
its is using NTLM authentication with SSL.
Any Idea??
This might not fix it. An additional setting should be changed as well.
network.auth.force-generic-ntlm should be set to true.
network.auth.force-generic-ntlm | user set | boolean | true
this issue is caused by the fact that NTLM is not enabled by default in firefox...
try editing this option: network.automatic-ntlm-auth.trusted-uris from about:config in Firefox
ps. Read this