Chrome on, baby, don't fear The Reaper: Plugin sends CPU-hogging browser processes to hell where they belong

NIST boffin builds processor-busting buster

The US government may have trouble regulating Google – but one of its developers has come up with a way to rein in the Chocolate Factory's resource-hungry browser.

David Flater, a computer scientist at Uncle Sam's National Institute for Standards and Technology (NIST), has created a Chrome extension for killing excessive browser processes, and has this month released the code under an MIT open-source license. It's called The Chrome Reaper.

Chrome has developed something of a reputation as a resource hog, having been plagued with RAM-gobbling and CPU-taxing problems over the years.

While these issues can sometimes be attributed to bugs and browser design decisions, they may also be the result of cryptomining code, bloated web pages, Flash files, or poorly written JavaScript.

"I made the extension because I have encountered web sites that saturated my CPU for no explained reason," said Flater in an email to The Register. "The extension detects the problem and stops it automatically, where previously I would have to realize that my computer was bogging down and trace the cause manually."

The extension is based upon Andy Young's 2013 Process Monitor for Chrome, from which it inherits its MIT license.

The Chrome Reaper is intended mainly as a defense against cryptomining, though Flater acknowledges that he has no data on the prevalence of coin-generating code.

According to IBM's 2019 X-Force report, cryptojacking attacks – hijacking the browser's CPU to mine cryptocurrency via JavaScript – have "more than quadrupled" between Q4 2018 and Q1 2019. Big Blue's security group also insists that malware-based cryptomining – which affects apps and operating systems rather than Chrome – is on the rise.

Flater's extension is designed to terminate a Chrome process when its CPU demand meets or exceeds a preset threshold over a specified period of time. It can thus be set to target usage spikes or less noticeable increases that persist for a while – a tactic some cryptomining code has been known to adopt to minimize the risk of detection.

It also supports whitelisting, so it won't intervene when legitimate demands for CPU power have been anticipated.
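
The threshold-over-time rule and whitelist described above can be sketched as follows. This is an added illustration, not The Chrome Reaper's own code: the class name, the title-based allowlist and the sample data are assumptions, and feeding it from chrome.processes is left out so it runs under Node.js.

```javascript
// Added illustration; not The Chrome Reaper's source. All names are hypothetical.
// A process is flagged once its CPU has stayed at or above thresholdPct
// for at least windowMs without dipping below it.
class SustainedCpuMonitor {
  constructor({ thresholdPct, windowMs, allowlist = [] }) {
    this.thresholdPct = thresholdPct;
    this.windowMs = windowMs;
    this.allowlist = new Set(allowlist); // assumption: exempt by process title
    this.overSince = new Map(); // process id -> start time of current streak
  }

  // samples: [{ id, title, cpu }] with cpu in percent; nowMs: sample time.
  // Returns the ids that should be terminated at this tick.
  update(samples, nowMs) {
    const toReap = [];
    const seen = new Set();
    for (const { id, title, cpu } of samples) {
      seen.add(id);
      if (this.allowlist.has(title) || cpu < this.thresholdPct) {
        this.overSince.delete(id); // exempt, or the streak is broken
        continue;
      }
      if (!this.overSince.has(id)) this.overSince.set(id, nowMs);
      if (nowMs - this.overSince.get(id) >= this.windowMs) {
        toReap.push(id);
        this.overSince.delete(id);
      }
    }
    // Forget exited processes so a reused id does not inherit a streak.
    for (const id of this.overSince.keys()) {
      if (!seen.has(id)) this.overSince.delete(id);
    }
    return toReap;
  }
}

// Constructed samples at 5 s intervals: id 7 is a sustained load,
// id 9 spikes, drops and spikes again, id 3 is allowlisted.
function runConstructedTrace() {
  const mon = new SustainedCpuMonitor({
    thresholdPct: 80, windowMs: 10000, allowlist: ["Video encoder"],
  });
  const tick = (a, b) => [
    { id: 7, title: "Tab A", cpu: a },
    { id: 9, title: "Tab B", cpu: b },
    { id: 3, title: "Video encoder", cpu: 100 },
  ];
  const ticks = [tick(95, 99), tick(85, 10), tick(80, 99)];
  return ticks.map((samples, i) => mon.update(samples, i * 5000));
}
```

A short window with a high threshold catches spikes; a long window with a lower threshold catches the throttled, persistent load the article mentions.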

The documentation warns that Reaper relies on an experimental API – chrome.processes – and may have security implications. "In terms of net risk, there is a tradeoff between Reaper's mitigation of in-browser malware and the significant expansion of the attack surface and weakening of browser defenses that results from enabling experimental APIs and developer mode," the documentation explains.

As such, The Chrome Reaper isn't available through Google's Chrome Web Store. But determined types with modest technical knowledge can review the source code and, if they're satisfied it's safe, can download the files and install them manually using the instructions provided.

After relaunching Chrome, the extension will display an icon in the browser's address bar showing the percentage of overall CPU utilization, which should provide a visual warning before the Reaper strikes. ®



