How to: Secure Chrome against Logjam

Update: Chrome 45 was released on 9/1/15 with a fix for the “logjam” vulnerability.  Use Chrome 45 or newer

Disable the following cipher suites

  • (0xcc15) TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • (0xcc9e) TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • (0x0039) TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • (0x0033) TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Until the Chrome 45 update, the easiest by far is to

Step 1:
Modify an existing (or create) a shortcut to Chrome.  Right click on the shortcut and select Properties

Step 2:
Add the following to the application Target:

It should look like this:
(Note: Target field is long and is split into two screenshots)

20150530-secure-chrome-logjam-step2-1

20150530-secure-chrome-logjam-step2

Step 3:
Click Apply or OK to save

Step 4:
Close all Chrome browser windows

Step 5:
Use the shortcut you just modified to re-open Chrome and verify these cipher suites have been disabled

Quick: https://weakdh.org/

20150605-secure-chrome-logjam-weakdh.org-step5

Detailed: https://www.ssllabs.com/ssltest/viewMyClient.html

(h/t) @eckes on twitter: https://twitter.com/eckes/status/604090760032559104

 

Reference

The fix is “on track to be included in Chrome 45”

 

Downloads

I zipped the Logjam safe shortcut from this tutorial.

If you used the standard installer your application path is %UserProfile%\AppData\Local\Google\Chrome\Application\chrome.exe

Download “Windows Default 32-bit Chrome (Logjam Safe) Shortcut” Google-Chrome-Logjam-Safe.zip – Downloaded 76 times – 1 KB

Google Chrome (Logjam Safe).lnk

  • MD5: 32D2342D138B66A3F458D66842038CA5
  • SHA1: CAB26DCFEF880D5D7422633A2732770CB6B0BB17

If you used the “offline installer” Chrome installs to “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

Download “"Program Files (x86)" 32-bit Chrome (Logjam Safe) Shortcut” Chrome (Logjam Safe).lnk.zip – Downloaded 69 times – 1 KB

Chrome (Logjam Safe).lnk

  • MD5: C689CABE8887CD8187CAAFA395DBCF2B
  • SHA1: EE2E1D54BA3DF586406BB13CA3E35E41A130745B

Original content and screenshots on this page are licensed under a Creative Commons Attribution 3.0 License (http://creativecommons.org/licenses/by/3.0/us/)