Now Google Chrome warns if your browser has been hijacked

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Chrome browser hijackBrowser hijacking is a big problem.

I’ve lost count of the number of times that friends and family have asked me to take a look at their PC “because it’s acting funny”, only to discover that their browser has been meddled with by something like Babylon Toolbar, CoolWebSearch or Conduit Search.

Browser-hijacking software like these are often bundled with third-party applications, and can be installed at the same time if the user isn’t careful, changing your browser’s homepage, displaying irritating hard-to-remove pop-up adverts, or redirecting search queries and displaying sponsored links all with the intention of earning more revenue for the people behind them.

And, as if that weren’t irritating enough, browser hijacking toolbars and add-ons are often very complicated to permanently remove from a Windows computer – even modern anti-virus software often struggles to fix the problem, leaving victims to either download specific clean-up tools or follow complicated step-by-step procedures published on internet forums.

Sign up to our free newsletter.
Security news, advice, and tips.

So I was pleased to read the latest blog post from the Google Chrome team, who explained that Chrome would be “prompting Windows users whose settings appear to have been changed if they’d like to restore their browser settings back to factory default.”

Chrome hijack detected

Reset altered Chrome settings?

Chrome detected that your browser settings may have been changed without your knowledge. Would you like to reset them to their original defaults?

According to Google, Chrome should notice that your browser’s settings have been changed – and give you an easy way (thankfully it’s the default) to reset them if the alteration wasn’t authorised by you.

Of course, resetting your browser settings does mean that it will lose other changes you might have made:

Note that this will disable any extensions, apps and themes you have installed. If you’d like to reactivate any of your extensions after the reset, you can find and re-enable them by looking in the Chrome menu under “More tools > Extensions.” Apps are automatically re-enabled the next time you use them.

Finally, resetting your browser’s settings does not necessarily mean that you have succeeded in removing the adware which messed with your settings in the first place – these typically survive rebooting, and the hijack could occur again.

But at least Google is doing something to make life a little harder for the browser hijackers, and perhaps more members of my family and circle of friends will realise that something strange is going on with their browser.

Features like this, combined with users remembering to follow best practices, being careful about what they install and keeping their anti-virus software and security patches updated, help make the internet that little bit more of a safer place.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Now Google Chrome warns if your browser has been hijacked”

  1. Steve Lyons

    Noticed this the other day when trying to remove one of these browser hijackers from no.3 sons PC. Chose not to reset to factory defaults, only wanted to put home page back to Google for him (after jumping through all the various hoops to remove the crapware!).

  2. Any thoughts on how likely this feature would be to trigger a false positive?

    1. I think that rather depends on what you think the Google message is saying.

      It says "Chrome detected that your browser settings may have been changed without your knowledge." It's not saying that whatever changed your settings is necessarily malicious and – of course – it's possible you *did* know that a particular piece of software was going to tweak your browser settings.

      I'm sure that there will be occasions when Chrome will display the warning when users have not had their browser hijacked, but – even so – I'm sure that in balance it is likely to be more helpful than harmful.

  3. A smart 19 year old (lol)

    If you practice common sense while on the internet there is no need for any anti-virus software outside of ad block. The majority of it has a high price tag, and they all have a decent tax on a CPU even running in the background (or a huge tax on the cpu, looking at you Norton..) They don't actually do anything you cant do in one google search and you can very simply diagnose the things running on your computer using the task manager.. yeah this article was good but anti virus software isn't. something to consider

  4. Michael Dardar

    My Google Chrome browser has been hijacked by a redirectional virus that redirects Facebook to www.fbk.g00p.com, YouTube to proxyfree.com and IMDB to www.hidemyass.com! About a year ago this happened but it included dictionary sites, and it was caused by wpkg.org. I found help that time online–adding 127.0.0.1 wpkg.org at the bottom of the host file in C:\Windows\System32\driver\etc\.

    I am in China and use SSLedge Falcon Proxy. I used Spyhunter and Advance System Protection but they didn't identify this problem. In fact, they both recognized each other as malware!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.