macOS missing tab title and URL for Google Chrome events
Google Chrome's update to version 99.0.4844.74 on March 15, 2022 included changes to their signing certificate. On macOS devices, this change caused the Code42 agent to lose the permissions required to capture source and destination details for file activity in Google Chrome.
As a result, the Active tab titles and URLs field may display the message Unavailable - Permissions not set. This also affects Incydr's ability to evaluate trusted activity, calculate risk scores, and apply source/destination categories for these events.
This article describes the steps required to update your macOS configuration profile via your mobile device management (MDM) tool to resume capturing Tab title and URL metadata on macOS devices.
- With Google Chrome version 99.0.4844.74 and later
- In Incydr environments that have Browser and other application activity exfiltration detection enabled
- From your MDM (for example, Jamf Pro), navigate to the Code42 configuration profile.
(If you do not already have a Code42 configuration profile, follow these steps to create and deploy a profile).
- In the Privacy Preferences Policy Control (PPPC) payload, find the Receiver Identifier for
- Locate the existing Receiver Code Requirement:
(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"
- Replace the existing Receiver Code Requirement string with:
(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and anchor apple generic and certificate 1[field.1.2.840.1136220.127.116.11.6] /* exists */ and certificate leaf[field.1.2.840.113618.104.22.168.13] /* exists */ and certificate leaf[subject.OU] = EQHXZ8M8AV
Make sure you edit the Receiver Code Requirement value, not the "Code Requirement" field that appears elsewhere.
The new Receiver Code Requirement string continues to also grant the required permissions to older versions of Google Chrome.
- Google: Chrome releases