Every time Chrome updates, I can't use the 1password plugin without relaunching Chrome

ajahn

I've asked this before and I was told it is a Chrome issue. Is there a work around. Every so often, I will go to a web login page and click the 1password icon on the browser. I get an error. The fix is to go to Settings -> About and look to see if a new version of Chrome was updated, and I have to "Reload" Chrome. After that it works.... Until the next time an update happens. This is driving my wife nuts, cause she can't remember how to fix it. I'm a software engineer, so I know what to do. But I have to tell you, it is VERY ANNOYING. This happens at least once a week. Chrome seems to push out updates all the time. And every time it breaks 1password. Please help! This happens on my laptop (Mavericks) and my iMac (El Capitan). It was also happening in Yosemite before that.

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Every time Chrome updates, I can't use the 1password plugin without relaunching Chrome

ajahn

The reason I didn't supply the info at the bottom is it is happening in 1Password 4 (Mavericks) and 1Password 6 (El Capitan). Only happens in Chrome.

rickfillion

Hi @ajahn,

I feel your pain, this happens to me too. I have no (good) fix to offer you, but I can explain why this happens.

By default, 1Password verifies the codesignatures of browsers that connect to it. This lets us verify that only browsers we officially support connect to 1Password, and keeps other apps from some tomfoolery. This is a really nice feature, and we're quite happy with how it works.

In the event that you're not familiar with what codesignatures are, I'll give you the super super short version of it: Basically codesignatures are like a stamp of authenticity. We can take an app's codesignature and with OS X's help, we can validate that the app is the app we think it is, that it's from who we think it is, and that it hasn't been modified by anyone (by say malicious software).

So why is this a problem with Chrome in this case? There's two parts to a codesignature for a running app. There's the codesignature of the app on disk, which is typically where/how codesignature verification works (for example the system checks it before you run any app). Then when the app gets loaded in memory to run, the system copies part of the signature into memory. The part they copy into memory serves as a type of check. If you want to know about the codesignature of an app that's running (as opposed to an app that's on disk), then the system does two things: 1. It looks on disk from where the app was launched for its codesignature there. 2. Verifies that the check it copied into memory matches what was on disk. If the check fails, then this means that someone has modified the app on disk since the system loaded it in memory. So it can't validate the codesignature.

So why is this a problem with Chrome in this case? There are some super smart people who work on Chrome. They've decided that they can take a major pain point away from users with the update process. If you do the update for the user, they'll always be up to date, and the world is great. The problem is that Chrome downloads a new update for itself, and overwrites itself on disk. By doing this, they've changed the codesignature on disk. The codesignature on disk still validates, but it does not match the one for the version of Chrome that you have running in memory.

I said I had no good fixes for you, and that's true. But there is a bad/unrecommended fix. If this is a major pain point for you, there's the option of disabling browser codesignature verification under Preferences > Advanced.

I hope this helps explain things.

Rick

ajahn

Rick, thanks for the great explanation. About that work-around, is that a Chrome preference or a 1Password preference? If a 1Password pref, then it would be very cool if you could disable codesignatures for a given app only. Can it be done on a user by user basis?

Thanks

ajahn

Rick, just found this in a search... https://support.1password.com/invalid-code-signature-win/
I think I see how to do it. This article is for Windows, but I'm sure it is the same on OSX.

Thanks again

rickfillion

Hi @ajahn,

Right, it's a 1Password preference. It doesn't really make sense to only have it be for one app from our side, as any app could then just pretend to be the one app we've disabled it for. It would give you a false sense of security.

Rick

ajahn

So last question. Do you know if this is a global setting, or can I just set it for my wife. We are on the same mac, with separate accounts. is this a local ~/Library setting just for her? I guess I could set it and check on my account. I really hate to disable it, but she has an issue with it. I wish there was a way to turn off automatic updates on Chrome. That way I could update on my own schedule and restart her browser after each manual update.

Thanks for the help.

Drew_AG

Hi @ajahn,

1Password preferences are set separately for each OS X user account, so if your wife disables that setting from her account, it should still be enabled on yours.

Offhand, I'm not sure how to disable automatic updates for Chrome - but even if that's possible, I wouldn't recommend doing that because you would be missing out on the latest security enhancements and bug fixes. Also, the 1Password extension is designed (and updated) to work best with the latest version of Chrome, so if you stopped updating Chrome, you would likely run into problems with the 1Password extension at some point.

If you need anything else, please let us know - we're always glad to help! :)