How to Make Chrome Safe from the POODLE Vulnerability

This tutorial was written by Dorothy, aka @MacLurker to tell Google Chrome to ignore SSL and only allow TLS1.

Before starting, quit all instances of Chrome

1. Create an Automator app

Start up Automator.

  1. Select "Application"
  2. Click "Choose"

If you don’t see this document, click "New Document". Or "File", then "New"

2. Add a shell script action

  1. In Library pane, click "Utilities"
  2. From middle pane, drag "Run Shell Script" to workflow on right.
  3. Note addition of shell script to workflow.

3. Enter these lines into shell script, replacing the "cat", until it looks like this:

Copy and paste the following two lines into the shell script body:

open -a "Google Chrome.app" --args -ssl-version-min=tls1

# keep the .app suffix or will break with Parallels

4. Save the app in the Applications folder. Call it "ChromeSafe"

Click "File", then "Save…"

  1. Enter "ChromeSafe" in "Save As:", replacing "Untitiled"
  2. Navigate to Applications folder
  3. Make sure File Format is "Application"
  4. Click "Save"

Note: If you’re not logged in as an Administrator, you won’t be able to directly save the application to the Applications folder.  Instead, save the application to your desktop.  Follow Step 5 to change the icon, then drag ChromeSafe to your Applications folder. You will be prompted for Admin credentials and then everything should be dandy.

5. Replace the new Automator app’s icon with the Chrome icon (just to give you a visual cue)

Open "Applications" folder in "Finder".

1. Get Info on your real Google Chrome. (Right-click on file name in Finder window. Select "Get Info"

2. Click on the icon on the top left, press Cmd-C,

3. Get Info on your Chrome Automator app.

4. Click the icon, and press Cmd-V. This replaces Automator icon with Chrome icon

5. Close both Info windows.

6. Verify ChromeSafe from Applications folder

a. Double click ChromeSafe file name from Applications folder in Finder. Verify Chrome starts.

b. Verify Chrome in safe mode: See Step AA below

c. Now quit Chrome

7. Verify you can see the new app from your favorite app launcher.

a. Launch ChromeSafe from LaunchPad or your favorite app launcher. Verify Chrome starts.

b. Verify Chrome in safe mode: See Step AA below

c. Now quit Chrome

8. (optional) Add to Dock

a. Drag from Applications folder to Dock

b. Launch new safe Chrome from Dock. Verify Chrome starts.

c. Verify Chrome in safe mode: See Step AA below

9. Clean-up

From now on, remember to use the "ChromeSafe" to start Chrome.

You now have two Chrome icons both in your Applications folder and on your Dock. One will say "Google Chrome". This is the original non-safe Chrome. The other will say "ChromeSafe". This is the new app you just created from this process.

If you didn’t have Chrome in your Dock before, you can ignore all the Dock instructions, as well as Step 7 above.

If you did and you don’t want to confuse yourself, you can remove the original "Google Chrome" icon from the Dock. Don’t remove it from the Applications folder. ChromeSafe expects to find it there.

You can now close the ChromeSafe application and quit Automator.

AA. Test that Chrome is now safe.

Enter the following in the URL address field:

https://www.ssllabs.com/ssltest/viewMyClient.html

Verify your page looks like this.

AB. What happens when Chrome is NOT safe