Lipani Security LLC

A Security & Privacy Company

Category: chrome

Windows 11 Registry Key To Block Automatic Download AI Model on Google Chrome

Posted on by admin

Google Chrome was found downloading and installing a local AI model, called Gemini Nano, that can take up 4GB or more of space on a hard drive. This was being done automatically without the consent of users. Microsoft’s Edge, which is also based on Chromium, has a similar feature; both use the same registry key GenAILocalFoundationalModelSettings as found in Microsoft documentation.

1. Open Registry Editor (REGEDIT.msc)

2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WOW6432Node\Google\Chrome

3. In the right window part, create a new DWORD value (32-bit), the name must be GenAILocalFoundationalModelSettings

4. double-clicked the new registry key and made sure the value is 1

You can do the same for Microsoft Edge, just do the same process at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WOW6432Node\Microsoft\Edge

Sh1mmer Exploit Mitigation

Posted on by admin

The Sh1mmer Exploit is a Chromebook unenrollment tool that allows users to unenroll Chromebooks from Google Enterprise Workspace. Google has not released an ETA on a patch for this they have released mitigation practices to help prevent this exploit from working.

  • Turn off enrollment permissions for most users. This will require users to identify themselves in order to properly re-enroll on a device that was unenrolled.
    1. Open your Admin Console at: https://admin.google.com/
    2. On the left panel, expand “Devices” > “Chrome” > “Settings”, then click on “Users & Browsers”.
    3. Select the organizational unit(s) of the users that you wish to remove enrollment permissions.
    4. Under “Enrollment Controls”, change the “Enrollment permissions” setting to “Do not allow users in this organization to enroll new or re-enroll existing devices”.
  • On managed Chromebooks, block access to chrome://net-export so that users cannot capture wireless credentials. This can be achieved with the URL blocklist policy.
  • Additionally, Block access to the following websites that have been used to spread exploit tools and information using URLBlocklist as well as via content filtering products:
    • sh1mmer.me
    • alicesworld.tech
    • luphoria.com
    • bypassi.com