Sh1mmer Exploit Mitigation

The Sh1mmer Exploit is a Chromebook unenrollment tool that allows users to unenroll Chromebooks from Google Enterprise Workspace. Google has not released an ETA on a patch for this they have released mitigation practices to help prevent this exploit from working.

  • Turn off enrollment permissions for most users. This will require users to identify themselves in order to properly re-enroll on a device that was unenrolled.
    1. Open your Admin Console at: https://admin.google.com/
    2. On the left panel, expand “Devices” > “Chrome” > “Settings”, then click on “Users & Browsers”.
    3. Select the organizational unit(s) of the users that you wish to remove enrollment permissions.
    4. Under “Enrollment Controls”, change the “Enrollment permissions” setting to “Do not allow users in this organization to enroll¬†new or re-enroll existing devices”.
  • On managed Chromebooks, block access to chrome://net-export so that users cannot capture wireless credentials. This can be achieved with the URL blocklist policy.
  • Additionally, Block access to the following websites that have been used to spread exploit tools and information using URLBlocklist as well as via content filtering products:
    • sh1mmer.me
    • alicesworld.tech
    • luphoria.com
    • bypassi.com