Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/S-PScripts/chromebook-utilities/llms.txt

Use this file to discover all available pages before exploring further.

A WebView is a Chrome browser window embedded inside a native app. Unlike a regular Chrome tab, these embedded windows are not subject to the extension-based filtering that administrators deploy — monitoring and blocking extensions only run inside the main Chrome profile, not inside app-hosted WebViews. This means that if you can navigate from an app’s built-in browser to an unrestricted website such as Google, you effectively have an unmanaged browsing session. The exploits on this page document how to reach that session through school apps (Play Store apps, kiosk apps, and ChromeOS built-in pages) installed on managed Chromebooks.
WebView exploits bypass extension-based filters (GoGuardian, Securly, Blocksi, etc.) but do not bypass network-level DNS or firewall blocks. If your school uses both extension-based and DNS-based filtering, combine a WebView exploit with a DNS bypass for complete access. WebViews in kiosk or Android apps often work even when browser extensions are active.

App-Based WebView Exploits

Get an unblocked Google browsing context through the chrome://chrome-signin built-in page’s embedded sign-in flow.
1

Open chrome://chrome-signin

Navigate to chrome://chrome-signin. If this URL is blocked, see the bypass at the bottom of this section.
2

Enter a test email

In the email text box, enter one of the following:
456789@bsd48.org
google@d11.org
spstudent@d11.org
james.poole@d11.org
dusty.kachel@d11.org
3

Click Sign-in options

Click OK at the bottom right, then click Sign-in options.
4

Sign in with GitHub

Click Sign in with GitHub.
5

Navigate to Google (Method 1)

Click the GitHub logo. In the search box at the top right, type Google. Click Search all of GitHub. Click the Google link in the infobox on the right side of the screen. You are now on unblocked Google — use the keyboard forward/back keys to navigate since there are no tabs.
6

Navigate to Google (Method 2 — alternative)

Click Docs and scroll down. Click Ask the GitHub community. In the search box, type Google, click Search all of GitHub, then click the Google link in the infobox.
If you get “This account is not allowed to sign in within this network”:Use chrome://add-supervision instead:
  1. If it shows error 401, click the Google logo (you can only navigate to *.google.com subdomains).
  2. If blank, press Ctrl+Shift+R.
  3. Enter your school email and password. When shown “You don’t have access to this service”, click administrator.
  4. Scroll to the bottom of the Google policy page and click Privacy Policy.
  5. Scroll to the bottom and click Google.
If chrome://chrome-signin is blocked:
  1. Go to chrome://account-migration-welcome/
  2. Click Update
Credits: Brandon421-ops
An alternative chrome://chrome-signin WebView path for users who receive the “not allowed to sign in within this network” error. Requires access to EE Wi-Fi in the UK.
1

Go to chrome://chrome-signin

Navigate to chrome://chrome-signin/.
2

Connect to EE Wi-Fi

Connect to EE Wi-Fi.
3

Reload until the correct page loads

Keep reloading until the sign-in page does not immediately show “Connect to EE Wi-Fi” — it should load for a while instead. After loading, it will show “Your connection is not private”. Type thisisunsafe to proceed.
4

Navigate through EE to Google

Accept all cookies on the EE page. Click Buy Now (any option). Change your Wi-Fi back to your regular network. Click the EE icon at the top left → scroll to EE STORE → Shop now. Accept cookies. Scroll to the bottom → click Privacy policy (under Information). Click “Please click here to view the BT Privacy Policy.” Accept cookies on BT’s page. Click Contact BT at the bottom left. At the bottom right of that BT page, click the small YouTube icon. Accept all cookies on YouTube. In YouTube’s sidebar, click Privacy. Scroll to the bottom of Google’s privacy page. Click the small Google text. Accept cookies on Google’s search page.
5

Browse freely

Use the keyboard forward/back keys to navigate. This would work with any captive portal that can reach Google or YouTube.
Credits: S-PScripts
Found in the ASR app (package: com.nll.asr). Requires the ASR app to be installed from the Play Store.Full write-up: https://s-pscripts.github.io/asr-exploit/Method 1 (OneDrive → GitHub → Google):
1

Install and open ASR

Install ASR from Google Play. Open it, accept the privacy policy, and click through all the recorder buttons to continue.
2

Open Cloud Services settings

Click the three-dots icon at the top right → Settings → Cloud Services → green + Add button at the bottom right.
3

Connect to OneDrive

Click OneDrive/Business, then click Connect to the service. A Microsoft sign-in screen will appear.
4

Navigate via GitHub to Google

Click Sign-in options → Sign in with GitHub → GitHub logo. In the search box at the top right, type Google. Click Search all of GitHub. Click the Google link in the infobox on the right. You are now on unblocked Google. Use forward/back keyboard keys to navigate.
Method 2 (Box → cookie notice → Google):
1

Connect to Box

From the same Cloud Services settings, click Box → Connect to the service.
2

Navigate via Box's cookie notice

On the Box sign-in page, click Terms of Service or Privacy Policy. On the cookie popup, click “here” in the last sentence. In the table on the cookie notice page, find Google in the second column. In the third column, click the first “here”. Scroll to the bottom of Google’s privacy page and click the small grey Google text.
Credits: S-PScripts
A WebView through the TestNav app (available from the Play Store or as a kiosk app).Method 1:
1

Open TestNav

Download TestNav from the Play Store if needed. Open it.
2

Select Aimsweb/Aimsweb Plus

Click Aimsweb/Aimsweb Plus.
3

Select a district

Click Select your district at the bottom right. Select STRATFORD FRIENDS SCHOOL.
4

Click the arrow and sign in with GitHub

Click the arrow to the right of the selection box. From the sign-in options, click Sign in with GitHub. Click the GitHub logo at the top, search for Google, and click the google.com link at the top right. You now have an unblocked browser.
Method 2 (Fullscreen):
1

Open Student Portal

Scroll down on the TestNav home screen and click Student Portal. Select St George from the dropdown.
2

Close the lid

Immediately close your Chromebook lid for 3–5 seconds, then open it back up.
3

Navigate to Terms of Use

Click the status page link. At the very top ribbon, hover over Support → Customer Support. Scroll down and click Terms of Use.
4

Sign in with GitHub

Click the person icon at the top right → Sign-in → Sign-in with Microsoft → Sign-in options → Sign-in with GitHub. Click the GitHub logo, search for Google, and click the link.
Credits: Brandon421-ops
A WebView through the Edcite app. The Edcite app must be installed on your Chromebook.
1

Open Edcite without logging in

Open the Edcite app. Do not log in. Instead, click Forgot your password?.
2

Navigate to Terms of Service

Click Terms of Service on the password reset page.
3

Find the email link

Scroll down until you see legal@edcite.com. Click on it. If prompted to log in, go back and click it again. This should open the Gmail website.
4

Navigate to Google (Option 1)

On the Gmail page, click For Work. Scroll down until you see Follow our blog — click it. Scroll to the bottom and click the Google logo. You are now on Google.
5

Navigate to Google (Option 2)

Alternatively, on the Gmail page, scroll to the bottom and click the Google logo at the left.
There is no address bar in this WebView. You cannot open new tabs. Use the keyboard forward/back keys to navigate between pages.
Credits: PlanetSat0rn
A WebView through the Edulastic app. Requires the Edulastic Play Store app.
1

Open Edulastic

Open the Edulastic app.
2

Click Sign in with Office 365

Click Sign in with Office 365.
3

Use GitHub sign-in

Click Sign-in options → Sign in with GitHub → GitHub logo at the top.
4

Navigate to Google

In the search box at the top right, type Google. Click Search all of GitHub. Click the Google link in the infobox. You are now on unblocked Google. Use keyboard forward/back keys to navigate.
A WebView through the Eduphoria Lockdown Browser kiosk app. Can also be used for Skiovox 141.
1

Launch Lockdown Browser

Restart and launch Lockdown Browser from the kiosk apps.
2

Click the Eduphoria logo

Click the eduphoria! logo.
3

Open YouTube

Scroll down and click the YouTube logo.
4

Navigate to Google Search

Click Sign In in the top right, then click the small Privacy text. Click the nine-dots icon (hamburger/waffle) at the top and click Search.
Credits: Titanium Network
A WebView through the FastBridge Learning app. Tested on ChromeOS v127. Provides unrestricted browsing in full-screen mode.Limitations:
  • Stuck in full-screen; only one tab at a time
  • Navigate between pages using the arrow keys next to Escape
  • Logging into any Gmail account renders the exploit unusable and requires a powerwash to reset
  • Some pages (GitHub, YouTube, and others) may be blocked at the org level rather than by an extension
1

Log out and open FastBridge

Log out of your Chromebook. Click the FastBridge Learning application in the bottom-left apps category.
2

Click the button in the top right

Click the button at the top right (to the right of Check Status).
3

Go to About → Leadership

Hover over the About us tab and click Leadership.
4

Click the Blackstone link

Scroll down and click the blackstone.com button.
5

Search for Cookie Policy

On the Blackstone page, type Google in the search bar — Cookie policy will appear. Click it.
6

Navigate to the Google logo

Scroll to the contact area and click the email PrivacyQueries@gmail.com. This opens a Google page. Click the Resources tab, then click Blog (other Google pages do not work).
7

Click the Google logo

Scroll to the bottom. Click the Google logo at the bottom left to reach the regular Google search page.
Credits: Solar-Geaux, ext-remover discussion #1174
A WebView through the Illuminate Secure Browser kiosk app (available at device startup).
1

Open Illuminate Secure Browser

Sign out. Go to the Apps section at the bottom left of the sign-in screen and click ILLUMINATE SECURE BROWSER.
2

Select a school

On the school selection screen, type Henry County public school.
3

Click the Renaissance logo

Click the Renaissance logo that says “seeing every student” at the bottom right corner.
4

Sign in with GitHub

When the Microsoft sign-in screen appears, click Sign-in options → Sign in with GitHub → GitHub logo.
5

Navigate to Google

In the search box at the top right, type Google. Click Search all of GitHub. Click the Google link in the infobox on the right. You are now on unblocked Google.
You may not be able to sign in to GitHub on all school networks. If GitHub sign-in is blocked, this exploit cannot be completed.
Credits: SIGMAMEWERSWILLBEMINEYEAH, ext-remover discussion #1357
A WebView through the College Board app (installed via Play Store or as a kiosk app).
1

Open College Board

Open the College Board app.
2

Navigate to Help

Click Student → Need help signing in → Help.
3

Go to Contact Us

Scroll down and click Contact Us (third column, second from top).
4

Navigate through the site

Scroll down a little and click on dssatinfo.collegeboard.org. Click the help/privacy/terms button at the bottom right.
5

Access Google Search

Click the waffle icon at the top right, then click Search in the top middle column. You are now on unblocked Google.
A WebView through the Kahoot Android app. Requires the Kahoot app from the Play Store.
1

Open Kahoot

Open the Kahoot app and navigate to the sign-in page.
2

Sign in with Microsoft

Click Microsoft.
3

Use GitHub sign-in

Click Sign in Options → Sign in with GitHub → GitHub logo at the top.
4

Navigate to Google

In the search box at the top right, type Google. Click Search all of GitHub. Click the Google link in the infobox. You are now on unblocked Google.
Credits: small_child, Titanium Network
Uses a bug in Google Workspace apps opened through their Play Store versions to create a WebView. You must have the Play Store version of the relevant app installed.Open the linked document below matching your app, make a copy of it, and follow the instructions on the sheet — an embedded Apps Script creates the WebView.
AppLink
Google SheetsOpen spreadsheet
Google SlidesOpen presentation
Google DocsOpen document
Go to the URL matching your app, make a copy, then open it in the Play Store app.Credits: S-PScripts
A WebView via the Google Docs Splitview Chrome extension. Works because extension pages (chrome-extension://) cannot be blocked by content filters.
1

Install the extension

Install Google Docs Splitview from the Chrome Web Store.
2

Open any URL in the WebView

Navigate to the following URL (replace [REPLACE URL HERE] with any URL you want to open):
chrome-extension://mhekpeihiapfhjefakclpbmdofbmldcb/html/viewer.html?urls=https://google.com?igu=1
Or with a custom URL:
chrome-extension://mhekpeihiapfhjefakclpbmdofbmldcb/html/viewer.html?urls=[REPLACE URL HERE]
A WebView through the Microsoft Teams app (Chrome Web Store version or Play Store version).
1

Open Microsoft Teams

Make sure Microsoft Teams is in your Apps bar. Open it.
2

Create a new account

Create a new account using random characters until you find a string that has not been registered.
3

Find the GitHub sign-in option

Review the terms of service and explore the sign-in flow options until you see the option to Sign in with GitHub.
4

Navigate to Google via GitHub

Click the GitHub icon. Once on GitHub, search for Google. Click the business/info link on the right that leads to google.com.
Credits: jazzymakesstuff, ext-remover discussion #1416
A WebView through the Coding with Chrome Chrome App. The extension has been removed from the Web Store — you must already have it installed.
1

Open Coding with Chrome

Open the Coding with Chrome app. Select Programming if prompted.
2

Open a Markup template

Click Markup and then click the Form template.
3

Replace the HTML

Delete all the existing HTML and paste in:
<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <a href="https://google.com/">Google">
</a>
</head>
  <body>
  </body>
</html>
4

Click the Google link in the preview

Click the Google link in the preview window. You now have an unblocked Google tab without any blocker extensions.
Credits: adi, Titanium Network
A WebView through the Fusion360 Android app. Provides access to unblocked YouTube and Google. Requires the Fusion360 Play Store app.
1

Open Fusion360

Download and open Fusion360. You will land on the sign-up page.
2

Click Terms of Service

On the sign-up page, click Terms of Service.
3

Navigate to YouTube

Click the YouTube logo at the bottom of the Terms of Service page, then click Autodesk under the YouTube text. You now have unblocked YouTube.
4

Navigate to Google

To get to Google: click Privacy on YouTube. Scroll to the bottom of the Google privacy policy page and click Google.
Credits: Brandon421-ops
Use Google Sheets and Apps Script to create custom WebViews with iframes or embedded pages. Useful for building a persistent bypass cloaker.
1

Create a Google Sheet

Create a new Google Sheet at sheets.new.
2

Open Apps Script

Create a macro or Apps Script file attached to the sheet via Extensions → Apps Script.
3

Paste the WebView code

In the Apps Script editor, paste the following and customize the HTML content:
/** @OnlyCurrentDoc */
function cloaker() {
  let sheet = SpreadsheetApp.getActive()
  let window = HtmlService.createHtmlOutput()
  window.setContent("Insert cloaker HTML code here")
  sheet.show(window)
};
4

Run the macro

Activate the macro from the Google Sheets Extensions → Macros menu. You can also create a clickable image or Google Drawing in the sheet to trigger the macro.
Credits: unluckycrafter, Titanium Network
QuickView creates login windows with arbitrary URLs, allowing unblocked browsing without any extensions. Uses the chrome.identity.launchWebAuthFlow API via a bookmarklet. Part of the {swarm} project.More details: https://ading.dev/blog/posts/quickview.html | GitHub: https://github.com/ading2210/quickview
1

Create a bookmarklet

Create a browser bookmark and set the URL to the JavaScript payload from the QuickView repository or https://quickview-exploit.pages.dev/.
2

Open a blocked tab

Double-click the opener button at the bottom of the QuickView page. This opens a new tab with a URL of about:blank#blocked.
3

Activate QuickView

On the newly opened tab, click the bookmarklet you just created. The QuickView GUI will open.
4

Enter any URL

Type any URL into the input box and click Open Webview. The URL will open in an unblocked WebView window.
5

Reuse the WebView

To open another WebView without returning to the GUI, visit https://www.google.com/# — this persists until a reboot.
Credits: Bypassi#7037, ading2210 (vk6#7391)
Use Aptoide running on now.gg to get an unblocked WebView for any Android app — without needing the Play Store.
1

Open Aptoide on now.gg

Go to https://now.gg and search for Aptoide. Open the app in the cloud.
2

Find your desired app

Type the name of any app you want in Aptoide’s search bar.
3

Install and open

Install the app directly in the now.gg environment and open it.
Credits: Brandon421-ops

Website-Based Unblocking

Open any blocked website by embedding it as a link in a Google Doc exported as PDF. Works with Securly. Reloading or following redirects on the target site will re-block it.
1

Create a Google Doc

Go to docs.new to create a new Google document.
2

Add blocked site links

Add links to the blocked sites you want to visit (e.g., Discord, TikTok).
3

Download as PDF

Go to File → Download → PDF Document (.pdf) and save the file.
4

Open the PDF

Open the downloaded PDF in the ChromeOS PDF viewer.
5

Click a link

Click one of the links you added. The site will likely open without being blocked by the extension.
Bypass GoGuardian and some other filters by prepending a very long string of Among Us emojis to the target URL. The resulting URL exceeds the filter’s processing limit.Construct the URL:
https://<a very large number of Among Us emojis here>@websiteyouwanttogoto
For example:
https://<abunchofamongusemojishere>@slope.ee
Visit the constructed URL. If you see error 414 / “request too large”, add more emojis.
Refreshing the site does not re-block it. Hard reloading (Ctrl+Shift+R) does.
Credits: Segfault (shrey719)
Exploits the browser’s Payment Request API, which opens a small pop-up window that confuses some extension-based filters. The bypass window lasts for 3 minutes per session.What it can do:
  • Browse without history being saved (cookies are still saved)
  • Right-click to go back and forward in the window
What it cannot do:
  • Bypass network-level filters
  • Log into non-school accounts
  • Only one window at a time
This does not seem to work reliably anymore. Results may vary.
Working links:Credits: bypassiwastaken, reactor-coding, S-PScripts, Brandon421-ops
Use the Google Lens right-click context menu to open a sidebar search that isn’t subject to extension filtering. Possibly patched on v135.
1

Right-click anywhere on the page

Right-click on any part of the current page.
2

Click Search with Google Lens

Click Search with Google Lens.
3

Select a region

Select any part of the page with the Lens tool.
4

Dismiss the image preview

A sidebar will open on the right. Hover over the image preview to reveal the X button and click it.
5

Search freely

Type anything in the search box and wait for results. These searches are not saved to your browser history.
Credits: S-PScripts
Use Google Translate to proxy any blocked website through translate.goog.
1

Go to Google Translate

Navigate to https://translate.google.com.
2

Enter the blocked URL

Paste the full URL of the blocked site (including https://) into the left input box.
3

Click the translated link

Click the translated link on the right side. The website should load in an unblocked state.
If translate.google.com itself is blocked, use this URL pattern directly, replacing . in the target URL with -:
https://www-<PUTYOURURLHERE>.translate.goog/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
For example, for roblox.com:
https://www-roblox-com.translate.goog/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
This does not work well with many websites, particularly those that use dynamic JavaScript rendering or strict CORS policies.
Credits: Titanium Network

App Access Exploits

Temporarily disable and re-enable a managed extension to create a brief window during which blocked websites can be accessed. Patched on Chrome v135 and above.
1

Go to chrome://extensions

Navigate to chrome://extensions/. If this URL is blocked, this exploit cannot be performed.
2

Open extension details

Find the managed extension you want to use and click its Details button.
3

Find the toggle

Look for the Allow access to file URLs toggle. If this toggle is absent, the exploit cannot be used with this extension.
4

Toggle it

Toggle the switch. The extension will briefly turn off and back on, giving you a short window to open a blocked website.
Install Android APK files on a managed Chromebook using ADB over the Linux development environment. Installed apps appear in the app launcher.Requirements: Ability to enable the Linux development environment.
1

Enable Linux development environment

Open Settings → System and enable Linux development environment.
2

Enable developer options in Android settings

Go to Apps → Manage Google Play preferences → Android Settings → About. Tap Build Number 7 times to enable developer options.
3

Enable ADB in ChromeOS settings

Back in ChromeOS Settings, once Linux finishes installing, open the Linux submenu and enable Develop Android apps. Reboot and confirm when prompted.
4

Enable wireless debugging

In Android Settings → System → Developer options, enable ADB debugging and Wireless debugging. Note the IP address and port shown.
5

Install ADB in Linux

In the Linux terminal, run:
sudo apt update
sudo apt install adb
6

Connect ADB to Android

Connect ADB to your Android environment:
adb connect <ip:port>
Allow USB debugging when prompted, then rerun the command.
7

Install the APK

Copy your APK file to Linux using the Files app. List connected devices and install the APK:
adb devices
adb -s emulator-XXXX install <filename.apk>
Replace emulator-XXXX with the emulator device ID shown by adb devices.
Credits: xmb9, Titanium Network
Unlock the Play Store temporarily during a managed Chrome Device Manager notification window on ChromeOS v106. Requires a home (personal) account to be added first.
1

Trigger the Chrome Device Manager notification

Begin upgrading, powerwashing, or recovering your device. Wait for the Chrome Device Manager notification to appear.
2

Log out or restart when the notification appears

Log out, shut down, or restart immediately when the notification appears. Locking the screen does not work.
3

Open the Play Store

Open the Play Store and keep it open. Try downloading some apps. Switch around but do not switch accounts — that may lock you out.
4

Add your school account in Settings

Go to Settings → [your school account name] → Add account. Do not go to Android Settings for this step.
Method 2: After powerwashing, recovering, and re-adding your account:
  1. The moment Chrome Device Manager pops up, navigate to chrome://restart.
  2. After the restart, open Google Play and switch to your home (personal) account.
Credits: r58Playz, Titanium Network

Build docs developers (and LLMs) love

Get started for freeTalk to us