Just started a few days ago, about a week after I had updated chrome. I have checked the firewall rules, and the rule to block incoming connections is there, so why does it keep popping up every time I launch chrome for the first time after a bootup? Has this happened to anyone else?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Keep being asked if I want to allow incoming connections on google chrome helper app
- Thread starter humpbacktwale
- Start date
- Sort by reaction score
You might read here for an explanation:
itectec.com
itectec.com - itectec Resources and Information.
itectec.com is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, itectec.com has it all. We hope you find what you are searching for!
But why is is happening every time, despite the fact I have already hit deny and the rule is listed in my firewall rules?
while those articles try to explain how to prevent the message from appearing, they don’t explain why Chrome is attempting to accept incoming network connections in the first place.You might read here for an explanation:
itectec.com - itectec Resources and Information.
itectec.com is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, itectec.com has it all. We hope you find what you are searching for!
then use an alternative browser. problem solved.
By that logic, anyone posting about a MacOS issue on this forum should just use windows instead. Neither article addressed my question, so it's perfectly reasonable pointing that out.
I had the same issue with Chromium, and a member of a site that provides updated Chromium builds posted this fix:
xattr -csr /Applications/Chromium.app. <---- this terminal code worked on my iMac
While that works for chromium.app, you will have to change the name in that command to suit your case, using Google Chrome (look in the Applications folder, and add the "period.app" to app name.
The member who helped me fix that issue also posted the link below, which may apply to Chrome as well (not sure about that).
# Fix issue where macOS requests permission for incoming network connections
# See https://github.com/ungoogled-software/ungoogled-chromium-macos/issues/17
At least we know this is a programming issue that can be solved when building an app. It sounds quite complex to me.
Alright, I shall try this fix. I just wonder what actually caused it to happen in the first place?
I really don't understand why you don't want the browser to accept incoming connections, only outgoing ones.
Aren't incoming connections necessary for the browser to function correctly? Can you explain your view in more detail?
Oh, by the way, you could be more careful with phrases like "for sheep", which can be taken in several ways.
In regard to another related aspect, I have found that The Eloston builds of Chromium, available here; (https://formulae.brew.sh/cask/chromium; click once on the orange-red "eloston-chromium" text, then double click the orange version number after the yellow "Current version:") will not pop up that annoying message about accepting incoming connections, while other builds will, despite having the settings in the Security & Privacy preference pane / Firewall settings being set correctly.
I have no proof, but I believe it depends on the build settings, or perhaps even the order of the args or settings used when compiling the binaries.
The Chromium builds available at https://softaro.net/ungoogled-chromium/ also seem free of that annoying pop up message about allowing incoming connections, and it has the latest version available today, unlike the Eloston site, shown above.
The previous "xattr -csr /Applications/Chromium.app" setting does not work in every case and every Chromium build I have tried (personal experience only), but I don't think it will hurt to try it. See Post #9 above for a link to that prior discussion.
Last edited:
Maybe it's down to a misinterpretation of what incoming connections means? I have plenty of programs I use that require connections, and incoming ones are blocked on all of them. It was my understanding that, once my program makes the outgoing connection, the exchange of data in and out progresses as normal. An incoming one is when an exterior connection is made to my machine, and specifically the program mentioned, without it first initiating it, which should be a security concern.
Or does that notification happen regardless of whether connections are actually being made?
Look at the Security and Privacy system preference pane, then Firewall and Firewall Options.
By default, "Automatically allow downloaded signed software to receive incoming connections" is set to ON.
The issue here is Chromium is not officially "downloaded signed software", nor is it "built-in software" like Safari
So you have to have the option to "allow it to accept incoming connections".
I think you are somewhat 'overthinking' that "An incoming one is when an exterior connection is made to my machine, and specifically the program mentioned, without it first initiating it, which should be a security concern. If my understanding is correct, that is exactly why Apple issues signed certificates to software developers.
I do not know why Chromium doesn't get a signed certificate, nor do I know the process required to get one.
The point is that Chromium downloaded from the two sites I mentioned above, the Eloston site and the Softaro.net site do not show that pop up dialog box asking for permission to "Allow incoming connections". Chromium obtained from other sites may vary in that regard. The comment by "foliovision" referred to Brave, Opera and Chromium, as well as turning off completely the function to accept incoming connections. I do not know exactly how doing that would affect a browser, but I expect it would alter the function of a browser to a large extent.
I think we need an expert's opinion here. Would a browser work fine with that function turned off completely?
Well if I look at my rules, it is blocked for the google chrome helper app, and I deny it every time I start the app, and it works fine, which suggests that no part of browsing any site requires the app having the ability to accept incoming connections.
The other question is whether that popup means do you want to allow it in general, or whether it occurs because something is trying to make the connection, which then raises the question of what that is, and how it's even making a connection to a device that, at least in my case, is behind a hardware firewall on both networks. Moreover, this only began after an update, which I would think would imply a certain feature of chrome, but I have been unable to determine what that could be.
Ok so according to apple:
So is there a way to determine why Google Chrome, or its helper apps, are for some reason no longer signed correctly, if that is what is happening?
I don't want websites connecting to my computer. I'm happy with one way connections, thank you. Applications with certificates verified by Apple/Google/Microsoft might protect you from street criminals but they don't protect you from commercial spyware or state snooping.
There is the option to turn off allowing all incoming connections in the Firewall options, have you seen that?
That dialog box does mention that certain network functions cannot be completely turned off. I am not well informed regarding the related network functions and protocols, so I am not sure how that affects our security.
In your case, perhaps a commercial firewall solution may be necessary. Have you looked into that option?
The bottom line is there’s no way I’d let any piece of software start hosting a server on my Mac without supplying any details of why it’s doing that.
Someone asked the question on the Google forums, and it instantly got blocked - with replies disabled: https://support.google.com/chrome/thread/17996006/why-does-chromium-offer-incoming-connections?hl=en
Time to break out Wireshark - though I suspect any traffic to it will be encrypted.
Someone asked the question on the Google forums, and it instantly got blocked - with replies disabled: https://support.google.com/chrome/thread/17996006/why-does-chromium-offer-incoming-connections?hl=en
Time to break out Wireshark - though I suspect any traffic to it will be encrypted.
Hey guys, I stumbled upon this thread after researching this rather strange problem.
TLDR: I believe this might be a security exploit (do not click "Allow")
Let me explain.
I began receiving the popup seeking authorization to Deny or Allow incoming connections to the application "Google Chrome Helper.app" a couple of weeks ago. I kept denying the request because I obviously didn't know from where the incoming connection was originating. I accepted it one day I was feeling annoyed and made no more note of it.
Days later, it turns out that my Mac made a notification sound it has never made before right around when I was *undressing* in front of it. Sure, this might be a hunch, but it made me feel observed. It sounded like a recording beep.
So I kept my trousers on and ran multiple deep scans and checks, however it all came back clean.
I then proceeded to update Mac OS. For a strange reason, though, the computer was not executing the restart command through System Preferences. I closed everything, tried again--still nothing. I was about to restart the computer manually when I just randomly decided to toggle off my connection to the Internet. *Boom*
Restart.
The update was applied, however the next round of updates was still being impacted by the same behavior--in other words, restart command not being executed, toggled off Wi-Fi, boom, restart.
And once the final restart brought my Mac back to its login screen: voilà voilà, the prompt asking whether "Do you want the application 'Google Chrome Helper.app' to accept incoming network connections?" reappeared in all its glory after inputting my password.
I tracked down the incoming connection to the Chrome extension "Videostream for Google Chromecast™" which was probably making use of the old, discontinued "Chrome Remote Desktop" as well. (I know, I should know better than to keep old apps installed.)
I have also noticed that the exploit toggled off my volume controls visibility in the Menu Bar (again, perhaps linked to my hunch about that strange beep).
However, I am still unable to find the file seeking authorization to accept incoming network connections. In fact, going through the Firewall to "Show in Finder" to fetch the file does nothing. This leads me to believe part 2 of the problem is still saved somewhere in my system. To be fair, I don't think whether the real Chrome Helper App is behind this behavior. Or if it is, the exploit is relying on it to initiate the connection.
Unfortunately I don't posses the deep-system tinkering expertise required to find it. Any suggestions?
Mid 2012 Macbook Pro 9,2 running Catalina 10.15.7 (19H1922); 16GB RAM; OWC SSD Data Doubler.
TLDR: I believe this might be a security exploit (do not click "Allow")
Let me explain.
I began receiving the popup seeking authorization to Deny or Allow incoming connections to the application "Google Chrome Helper.app" a couple of weeks ago. I kept denying the request because I obviously didn't know from where the incoming connection was originating. I accepted it one day I was feeling annoyed and made no more note of it.
Days later, it turns out that my Mac made a notification sound it has never made before right around when I was *undressing* in front of it. Sure, this might be a hunch, but it made me feel observed. It sounded like a recording beep.
So I kept my trousers on and ran multiple deep scans and checks, however it all came back clean.
I then proceeded to update Mac OS. For a strange reason, though, the computer was not executing the restart command through System Preferences. I closed everything, tried again--still nothing. I was about to restart the computer manually when I just randomly decided to toggle off my connection to the Internet. *Boom*
Restart.
The update was applied, however the next round of updates was still being impacted by the same behavior--in other words, restart command not being executed, toggled off Wi-Fi, boom, restart.
And once the final restart brought my Mac back to its login screen: voilà voilà, the prompt asking whether "Do you want the application 'Google Chrome Helper.app' to accept incoming network connections?" reappeared in all its glory after inputting my password.
I tracked down the incoming connection to the Chrome extension "Videostream for Google Chromecast™" which was probably making use of the old, discontinued "Chrome Remote Desktop" as well. (I know, I should know better than to keep old apps installed.)
I have also noticed that the exploit toggled off my volume controls visibility in the Menu Bar (again, perhaps linked to my hunch about that strange beep).
However, I am still unable to find the file seeking authorization to accept incoming network connections. In fact, going through the Firewall to "Show in Finder" to fetch the file does nothing. This leads me to believe part 2 of the problem is still saved somewhere in my system. To be fair, I don't think whether the real Chrome Helper App is behind this behavior. Or if it is, the exploit is relying on it to initiate the connection.
Unfortunately I don't posses the deep-system tinkering expertise required to find it. Any suggestions?
Mid 2012 Macbook Pro 9,2 running Catalina 10.15.7 (19H1922); 16GB RAM; OWC SSD Data Doubler.
Attachments
Last edited:
So you had this extension installed under more tools-> extensions?
Well then that's an issue because I don't have that. Also, I find it unlikely it's an exploit given the large amount of posts I have been able to find about it. How were you able to determine where the incoming connection was going to?
Also I am pretty sure the reason you can't view it in finder is because it can't be navigated to outside of actually clicking on the app and using show package contents.
I take it you are seeing the same thing? Edit: Did wireshark show anything?
Last edited:
Ok so using /usr/libexec/ApplicationFirewall/socketfilterfw --listapp, despite showing up as com.google.chrome.helper, it doesn't appear as a rule through the terminal, only in the system preferences.
Also, unless you have port forwarded on your router, no one outside of your network will be able to connect to you mac inside the network, which means if someone had done this, it would have to be from inside your network.
Still think it's not the case though.
Yeah, no...not sure who told you that, but that's patently false. If a system has been compromised, it doesn't matter whether or not you've punched any holes in the firewall because almost no home (or even small business) networks have any egress rules. Even if they did, threat actors are sufficiently clever nowadays that they'd find a way to piggyback their C2 traffic on the ports that are open.