androidpoodleBy now you have probably already heard of the POODLE vulnerability (here, and here), and started worrying about the security of your browsers.

Well, from a quick Google search, there are already dozens of manuals and instructions on how to disable SSLv3 in most of the popular browsers and operating systems. Still though, I haven’t found any proper instruction on disabling it in Chrome for Android, thus I’ve found a way to do it myself, and decided to break it down to some simple steps for anyone searching for the solution.

Be advised, that this solution will only work only on rooted devices, and assumes that you have working ADB connection to your phone.


1. Open up command prompt/shell and navigate to where you have adb at: 

winbox$ cd /d "V:\Dev\Android\android-sdk\platform-tools"

2. Execute adb shell, and elevate using ‘su’: (Note that you might need to approve the ‘su’ elevation on the phone, depending on your configuration): 

winbox$ adb shell
shell@mako:/ $ su

3. Create a file telling Chrome its startup arguments, and apply proper permissions: 

root@mako:/ ​# echo chrome --ssl-version-min=tls1 > /data/local/chrome-command-line
root@mako:/ ​# chmod 755 /data/local/chrome-command-line

4. Go back to your phone, and kill Chrome (it might be cached, so you need to click ‘Show cached processes, if using the stock app manager)

Now relaunch Chrome, and that’s it! You are more secure now!
Browse to about:version if you want to review the command-line arguments Chrome was launched with.
You can test if your browser is vulnerable (allows SSLv3) on this site: https://poodle.io/