chrome://flags defaults
Looking through the chrome://flags defaults I was wondering if some of these might be configured to lock things down some.
enabled_labs_experiments:
allow-sxg-certs-without-extension@2
autofill-dynamic-forms@2
autofill-restrict-formless-form-extraction@1
autoplay-policy@2
clipboard-content-setting@1
cross-process-guests@1
device-discovery-notifications@2
disable-background-video-track@1
disable-hyperlink-auditing
disallow-unsafe-http-downloads@1
enable-appcontainer@1
enable-autofill-credit-card-ablation-experiment@2
enable-autofill-credit-card-local-card-migration@3
enable-autofill-credit-card-upload-editable-cardholder-name@2
enable-autofill-credit-card-upload-send-pan-first-six@2
enable-autofill-credit-card-upload-update-prompt-explanation@2
enable-autofill-send-experiment-ids-in-payments-rpcs@2
enable-autoplay-unified-sound-settings@1
enable-bloated-renderer-detection@1
enable-block-tab-unders@1
enable-css-fragment-identifiers@1
enable-fast-unload
enable-framebusting-needs-sameorigin-or-usergesture@1
enable-gamepad-extensions@2
enable-gamepad-vibration@2
enable-generic-sensor-extra-classes@2
enable-generic-sensor@2
enable-heavy-page-capping@1
enable-image-capture-api@2
enable-layered-api@1
enable-lazy-frame-loading@1
enable-lazy-image-loading@1
enable-message-center-new-style-notification@1
enable-module-scripts-dynamic-import@1
enable-native-notifications@1
enable-new-preconnect@5
enable-noscript-previews@1
enable-nostate-prefetch@2
enable-recurrent-interstitial@1
enable-resource-load-scheduler@1
enable-service-worker-long-running-message@2
enable-site-per-process
enable-speculative-service-worker-start-on-query-input@2
enable-sync-user-consent-separate-type@1
enable-web-payments-single-app-ui-skip@2
expensive-background-timer-throttling@1
force-unified-consent-bump@1
just-in-time-service-worker-payment-app@2
media-router-cast-allow-all-ips@2
new-usb-backend@2
out-of-blink-cors@1
page-almost-idle@1
pdf-isolation@1
proactive-tab-freeze-and-discard@1
reduced-referrer-granularity
remove-deprecared-gaia-signin-endpoint@1
service-worker-payment-apps@2
site-settings@1
sound-content-setting@1
stop-non-timers-in-background@1
unified-consent@1
voice-search-on-local-ntp@2
web-payments-modifiers@2
web-payments@2
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (1 by maintainers)
Top GitHub Comments
Once you end up going through the above, can you please remove the needs-investigation flag and add the closed/invalid 👍
If you need any commentary I’m available. We will all have different interpretations of vulnerability or ideas of who legitimate vs. adversarial would use such features or trigger such restrictions.
Several of these things in Chrome are really there because it is also an entire OS for Chromebooks: sensor access, local network discovery, etc. I assume gamepad access may be used on like a specification’s demo site, but that’s probably realistically only used on Chromebooks to play Android games. And things like web payments are more Google-driven web standards as well. Anything Bluetooth, NFC and web payments are likely standards Google pushed through to market some potential future use for seamless Tap & Pay or to leverage Nearby and Bluetooth Eddystone Beacons on Android. It may not ever be used.
To me they are just easy hardening steps until they are actually used.