Many Windows applications, such as antivirus software, inject code into Chrome to modify its behavior. This results in more frequent browser crashes, so Google is taking a stand by blocking these techniques.
Why Are Applications Injecting Code?
Some applications inject code into other running processes to modify their behavior. On Windows, this technique has existed for a long time. It’s used by many different types of applications, from antimalware tools to dangerous malware. This is often called DLL injection on Windows, too.
In other words, applications inject code into Chrome to modify Chrome’s behavior. A security program might want to add some additional checks to Chrome’s browsing, or a piece of malware might want to better spy on your browsing.
Even if the application is using code injection with good intention, it can cause problems by interfering with Chrome’s code. Chrome’s developers don’t know exactly how this additional code is going to behave. As Chrome developer Chris H. Hamilton puts it: “This type of software injection is rampant on the Windows platform, and causes significant stability issues (crashes).”
RELATED: What is Code Injection on Windows?
When Will Chrome Completely Block Code Injection?
Google originally announced its plans to block this technique in November 2017, noting that Windows users with software injecting in Chrome are 15% more likely to have Chrome crash. Google notes that there are better techniques for applications that require this sort of functionality, like installing a Chrome browser extension that uses Chrome’s native messaging to communicate with another program on the system.
The original announcement said Chrome 69 would begin blocking all code injection in September 2018. However, on our system, the beta version of Chrome 69 currently only warns about code injection if your browser experiences a crash. It does not block that injection.
Chrome’s developers frequently A-B test new features like this—in other words, they roll different features out to different Chrome users to see how people respond—so it’s possible some Chrome 68 users already saw this warning.
Google originally announced plans to block all code injection starting in January 2019. According to Hamilton, Google still plans to block it “soon,” at which point the warning will stop appearing because Chrome will silently block all attempts at code injection. Microsoft Edge was the first browser to make the change on Windows, and it’s already blocked code injection since 2015.
Are My Applications Really Causing Crashes?
Even if Chrome is warning you about incompatible applications, they aren’t necessarily causing problems—unless your browser is crashing.
Hamilton notes that Chrome is merely warning about any software using code injection “without making value judgments.” The software you have installed might be working correctly and never causing any problems, but Google doesn’t like this technique and is working on blocking it.
How to Check for Incompatible Applications
If Chrome crashes, you will see a notification asking you to “Update or remove incompatible applications” or “Update or remove problem applications.” This will take you to a list of applications using code injection on your system.
You can also access this list—even before Chrome crashes—by heading to Menu > Settings > Advanced, scrolling down to the bottom of the screen, and clicking “Update or Remove Incompatible Applications” under Reset and Clean Up. If you don’t see this option here, no applications on your system are injecting code into Chrome.
You can also type chrome://settings/IncompatibleApplications into your address bar and press Enter. If you don’t see a list of incompatible applications, you have none installed.
(Note: This option is only present starting with Chrome 69 on our system. Chrome 69 is scheduled for stable release on September 4, 2018.)
Chrome will list all the applications using code injection you have installed. Many antivirus applications, including Avast, AVG, Bitdefender, Emsisoft, Eset, IObit, Norton Security, Malwarebytes, and WinPatrol appear here.
Other applications that have appeared here include Acronis True Image, Dropbox, and RocketDock. The list may be surprising, but any application using code injection will appear in the list.
The “Remove” button next to an application will take you to the Settings or Control Panel window where you can uninstall the application if you like.
If you aren’t experiencing crashes, there’s no reason to uninstall the application—Google will block its code injection attempts in a few months, anyway.
Google is clearly hoping that application developers will update their applications to no longer depend on code injection techniques. After all, developers don’t want Chrome encouraging people to uninstall their applications. Either way, this error message won’t be around for too long.
We don’t think it’s a huge loss. As Chrome’s developers note, code injection techniques contribute to crashes, and fewer crashes will be an improvement. We’re also not a huge fan of antiviruses interfering with the browser.