how do I know if chrome external protocol requests to launch the onepassword4-extension are legit?
I've been using the onepassword extension on Google Chrome (on a Mac) for several months now without any issues.
Yesterday, and today when I opened Chrome, chrome immediately requested that I allow chrome to launch onepassword so it can "handle onepassword4-extension: links. The link requested is onepassword4-extension://activate/Chrome."
The protocol request also says: "If you did not initiate this request, it may represent an attempted attack on your system. Unless you took an explicit action to initiate this request, you should press Do Nothing."
The above statement about "not initiating the request" is what makes me nervous, since I did NOT initiate it.
Should I be concerned, and if so what steps do I need to take to protect my vault etc.?
Thanks in advance!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:how do I know if chrome external protocol requests to launch the onepassword4-extension are legit?
Comments
-
@Crabduck: The good news is that even if something else initiates the request, it won't be able to connect to 1Password and steal your data. 1Password verifies the code signature of the browser when connecting to its extension to validate it. And in the latest version, we've also added mutual authentication so that you can confirm the connection yourself to allow 1Password to connect securely.
However, while that is the URL scheme for 1Password, normally you won't see these messages. So you may be seeing it because you're using an outdated version of 1Password and/or the extension.
Unfortunately without some basic information it's hard to say definitively. Please tell me the OS, 1Password, browser, and extension versions you're using, the exact steps you're taking, and what is (or is not) happening the way you expect so we can figure out the best plan of action:
http://support.1password.com/cs/version/
The more information you can give, the better. Thanks in advance! :)
0 -
Thanks for the insights, @brenty.
I ended up deleting the 1password extension from Chrome and have just been using the app, so I'm not sure what version of the 1Password extension I was running. The versions of the browser, OS and 1Password are as follows:
Chrome Version 53.0.2785.143 (64-bit)
macOS Sierra version 10.12 (16A323)
1Password:
Version 6.3.4 (634000)This is probably no longer relevant/helpful, but before I deleted the extension, when I opened chrome it would immediately request that I allow chrome to launch onepassword so it can "handle onepassword4-extension: links. The link requested is onepassword4-extension://activate/Chrome." Unless I hit "do nothing", Chrome would continue to make the same request.
At this point, I'd like to reinstall the 1Password extension, but am wondering if there is anything I should do in Chrome or with my system before reinstalling?
Thanks!
0 -
At this point, I'd like to reinstall the 1Password extension, but am wondering if there is anything I should do in Chrome or with my system before reinstalling?
@Crabduck: I am so glad you asked! Definitely update Chrome, which is on version 54 now ( [ ⋮ ] > Help > About), and also 1Password, at version 6.3.5. And then also be sure to update macOS. 10.12.1 was released today, and it includes some important security fixes (along with less critical but still welcome improvements). Finally, install the 1Password extension from the AgileBits site and you should be all set. Let me know how it turns out! :)
0 -
Excellent! Thanks for the update. You are most welcome! We're here if you need anything else! :)
0
