Why do I have CefSharp.BrowserSubProcess files in 2 different locations with different signatures? | Razer Insider
Skip to main content
Question

Why do I have CefSharp.BrowserSubProcess files in 2 different locations with different signatures?

  • November 8, 2023
  • 5 replies
  • 3192 views

WARCR1MEZ

I’ve been noticing that my CPU usage & GPU usage have been higher than usual. Upon investigation in my Task Manager I noticed that Razer Synapse was using up to 10 CefSharp processes and using 14% of my CPU. This was causing me in game lag by bottlenecking my CPU (this is normally never an issue). I’ve read that this file should not be outside of This PC - Windows C - Program Files 86 - Razer - Razer Services - Razer Central (older conversation on a different website). The  thread said that if it is in any other location that it is a Virus (coin mining). The CefSharp file located in the folder mentioned above was last used on August 7 2023. The new file was modified on November 1 2023 and is located in the Razer Framework Folder here: This PC - Windows C - Program Files 86 - Razer - Synapse 3 - WPFUI - Framework - Razer Synapse 3 Host - I notice that when I open the properties folder of this and go to Digital Signatures it does not have the SHA-256 signature that the other file has. It is very suspicious but I do not want to remove it until I get some response from someone at Razer that knows about these things in detail. 

 

The other file in Razer Central Folder has this signature: Razer USA Ltd. sha256 and was revoked on November 6 2023 when I investigate further. 

My concern is that someone is using my GPU/CPU to mine crypto currency and my Norton Antivirus is not detecting it because it is masked as a trusted folder/file. 

If anyone else could please check the folders listed above and tell me if you have the same signatures, times (or close), that would give me some peace of mind. 


Lastly, why is it opening 5-10 of these cefsharp processes in task manager? I only use Razer Kraken, Cynosa V2 Keyboard, and a mouse (forgot name). My research shows me  that this file is easily manipulated for coin mining even without downloading anything or it may have come through masked as a legitimate update  using windows framework. I need to get to the bottom of this because this just recently happened. I have very good Norton 360 for Gamers, and Malwarebytes subscription and nothing is detected.

 

Can I delete the older folder with or the new one and continue to use my Razer Synapes application??? Please help and thank you for your time.

 

-WarCr1mez

Did this topic help you find an answer to your question?

5 Replies

WARCR1MEZ
  • Author
  • Insider Mini
  • 1 reply
  • November 8, 2023

Computer Specs & Hardware:

B450M DS3H Wifi 

Ryzen 5 5600x 

RX6650XT GPU DDR6x 

Corsair Vengeance 32gb RAM 3600mhz

2TB Hard Drive SATA 

1TB M.2 NvMe Samsung 980 SSD

256GB SSD SATA (Boot Drive where files are located)

Age: 4 years old (parts upgraded recently)

 


  • Insider Mini
  • 1 reply
  • February 20, 2024

no response. i am not surprised. razer’s silence is deafening.

they dont know themselves why their own software uses cef. its quite astonishing.


xsomix
  • Insider Mini
  • 1 reply
  • April 15, 2024

Delete the files and download it again what you gonna lose?


Cringe they wontt reply, shady as a mf


  • Insider Mini
  • 1 reply
  • January 10, 2025

I had something that kept opening and closing, and it was bothering me. I realized it was using the location data, so I blocked all location data. After a few hours, I got a notification that CefSharp.BrowserSubProcess was asking for the location. I looked it up and lo-and-behold, Razer was running six instances of this thing.

Now my question is : why the hell does my mouse need to know my location?


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings