Chrome sandboxed

Discussion in 'sandboxing & virtualization' started by Overkill, Jun 25, 2015.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  3. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @Rasheed187 Money makes the world go 'round, as they say. With a near endless supply of money available toward bug bounties, I can see why searching for elusive security vulnerabilities in Chrome would be popular among developers.
     
  4. Besides their bounty program it is also their near-cult approach to reusability and modesty (use what is already there) to reduce the amount of code written. Less code means fewer errors and a smaller attack surface.

    Google Chrome uses an unmatched automated testing environment for regression testing; see https://developers.google.com/google-test-automation-conference/
     
  5. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I have Chrome installed on Linux Lite and it indeed runs better than on Mint.
    How do I access the command line and switches in Chrome, as I have seen these terms mentioned here often?
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    If you are referring to the nitty gritty goodies, type the following into the address bar:
    chrome://flags

    If you are referring to actual external command line switches, see:
    http://peter.sh/experiments/chromium-command-line-switches/
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Perhaps because Sandboxie is quasi-unhackable? ;)
     
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    You should send them a message to test a tightly and properly configured Sandboxie. I would send them a message if I could catch some free time; if anyone has free time to send them a message to test a tightly and properly configured Sandboxie, please DO IT!
    Thanks to all
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Quite the wild claim you got there, who exactly believes Chrome is unhackable? Not that it's aimed at anyone, but please don't give in to prejudice.

    All I was saying is SBIE is not necessary in the real world with safe computing habits, and there are better alternatives like anti-exploit for some (especially regarding computing convenience).
     
    Last edited: Feb 12, 2016
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, I did get the impression that some think Chrome will never be hacked ITW, but the Hacking Team exploit already proved it's still a possibility no matter how safe Chrome is. And yes, anti-exploit makes more sense especially if you want to block rather than contain malware.

    Anything can be hacked especially if kernel exploits are being used. But security tools are not often directly attacked, so probably that's why they focus mostly on browsers and plugins. However, they will try to hack VMware which you don't often see.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Don't think anyone explicitly said Chrome is unhackable ITW, but yeah Hacking Team was quite the eye-opener. Who knew Flash could be any less secure? As for anti-exploit, that is simply a better security vs convenience trade-off for me.

    Indeed, maybe it has to do with the variety and ineffective design of some security tools (meaning not much more work bypassing them). I bet there will be more VMware exploits than Chrome ones TBH.
     
  13. Question to all sandboxie fans: When will Sandboxie be able to use AppContainer sandbox?

    Please ask at sandboxie forum
     
  14. guest

    guest Guest

    yes this is the real question. :D

    from what i observed:

    - Most of Chrome's processes can be placed under AppContainer integrity, but NOT all of them.
    - ALL Sandboxie-ed Chrome processes are under Untrusted integrity.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm not so sure about this, because if you need to bypass not only the browser sandbox but also security tools like HMPA, MBAE and Sandboxie, it will only get harder, especially if you're not allowed to use kernel exploits.
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I mean the usual suspects, not these niche products nobody has heard of! :p
     
  17. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    I can't really believe I'm posting in this thread as it should have been dead long ago but I'm interested in this element also. I guess I can't really work out why SBIE running all Chrome processes as Untrusted is not safer than AppContainer allowing some processes to run at Low and Medium.

    My understanding is the Chrome broker needs to communicate with the rest of the system so needs more privileges to do so but that when sandboxied that communication activity is controlled by SbieSvc.exe allowing the integrity of all the Chrome processes to be reduced (although SbieSvc is running as System). Is that correct? If so then is the suggestion that if something was to escape the Untrusted Chrome processes it could attack SbieSvc.exe running as System and therefore have greater access to the wider system?

    I'm not really asking for a repeat of the arguments about how likely scenario A is over scenario B and this is not a challenge to what are obviously strongly held opinions just an attempt to get someone to explain to me why everything running Untrusted is not as safe as only some things running at AppContainer.

    (Normally Google would be my friend for this type of stuff but I find anything I've seen so far on integrity levels somewhat opaque and I can't find anything in layman terms telling what AppContainer actually does other than 'it's really good, trust me'.)

    Can't see any answer changing my view as SBIE allows me to easily run Chrome in a Ram Disc and restricts file access as well as restricting behaviour and I'm unlikely to want to change that or add additional softs to achieve it unless Chrome in SBIE fundamentally weakened security. No-one in this thread has suggested that from what I've read. As I say just hoping for something a bit more detailed than AppContainer is safer and you'll just have to take my word for it.

    Thanks
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  19. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    Thanks. Yeah I kinda get why SBIE doesn't protect things running in AppContainer, and that Tzuk himself said it didn't need to because AppContainer was inherently safe, but why it is safer than SBIE running all processes Untrusted is what I'm trying to understand.

    Cheers
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    You're welcome and I would be satisfied if you figure out that too as I want to know as well.
     
  21. Because it blocks kernel access and runs with Null permission, which blocks access to the registry and all folders, except the AppData folder of the App running in AppContainer itself.

    To make this OS sandbox usable, Microsoft developed capabilities. A capability is, for instance, Internet Access. Without explicitly being given (granted) such a capability, the App can't use that capability (they're off by default).

    So running in AppContainer is like running in a Super tightly manually configured Sandboxie sandbox (with less attack surface because it can't access kernel.)

    But Tzuk explained it himself: an Application sandbox adds no security to an OS sandbox (which AppContainer is). Sbie still has the advantage of virtualisation and flushing the Application sandbox afterwards.

    AppContainer is only available on Windows 8 and higher, so Windows 7 and older OS versions don't have this option.

    Lastly, Sandboxie will no doubt monitor the most important kernel APIs/hooks. So this does not mean that Untrusted + Sbie kernel filter + a manually configured Sandboxie is weaker than an AppContainer sandbox.

    By using Chrome's Win32 lockdown feature and a tightly configured sandbox, you are probably as good as AppContainer (while still enjoying session cache flush after closing down the leader program in the sandbox).

    The Win32 lockdown switch of Chrome practically blocks access to half of the kernel; the Sbie kernel filter will protect you from misuse of the other half.

    Hope this explains it (I am not a Sbie basher, I just like to tease Sbie fanboys with misperceptions on security).
     
    Last edited by a moderator: Feb 17, 2016
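    The posts above about which Chrome processes run at AppContainer versus Untrusted integrity, and the earlier question about how to see Chrome's command-line switches, can both be checked directly on a running system. The following PowerShell script is an added example for this thread; it is not from the forum, nor from Chrome or Sandboxie. It assumes Windows 8 or later (where the AppContainer token flag exists), that it runs as the same user who launched Chrome, and that whatever sandbox is in use still lets the script open the sandboxed processes for limited query (Sandboxie may refuse this, in which case the row shows "open failed"). For each chrome.exe it reports the Chrome process type (taken from Chrome's own `--type=` switch; the browser/broker process has none), the token integrity level (the RID of the S-1-16-x mandatory label: 0 is Untrusted, 0x1000 Low, 0x2000 Medium) and whether the token is an AppContainer token. The last column matters because AppContainer tokens also sit at Low integrity, so the integrity level alone cannot tell the two apart.

```powershell
# Added example (not from the thread, nor Chrome's or Sandboxie's own tooling).
# Lists every chrome.exe with its Chrome process type, token integrity level and AppContainer flag.
# Assumes Windows 8+, same user as Chrome, and that the sandbox allows PROCESS_QUERY_LIMITED_INFORMATION.

if (-not ('TokenInfo' -as [type])) {
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenInfo {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buf, int len, out int needed);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthority(IntPtr sid, int index);
}
"@
}

function Get-ChromeTokenInfo {
    param([Parameter(Mandatory)][int]$ProcessId)

    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $TOKEN_QUERY = 0x0008
    $TokenIntegrityLevel = 25    # TOKEN_INFORMATION_CLASS::TokenIntegrityLevel
    $TokenIsAppContainer = 29    # TOKEN_INFORMATION_CLASS::TokenIsAppContainer
    $M = [Runtime.InteropServices.Marshal]

    $hProc = [TokenInfo]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($hProc -eq [IntPtr]::Zero) { return $null }
    [IntPtr]$hTok = [IntPtr]::Zero
    [int]$needed = 0
    $isAppContainer = $false
    try {
        if (-not [TokenInfo]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) { return $null }

        # Integrity level = last sub-authority (RID) of the token's mandatory-label SID S-1-16-<rid>.
        [void][TokenInfo]::GetTokenInformation($hTok, $TokenIntegrityLevel, [IntPtr]::Zero, 0, [ref]$needed)
        $buf = $M::AllocHGlobal($needed)
        try {
            if (-not [TokenInfo]::GetTokenInformation($hTok, $TokenIntegrityLevel, $buf, $needed, [ref]$needed)) { return $null }
            $sid   = $M::ReadIntPtr($buf)                                   # TOKEN_MANDATORY_LABEL.Label.Sid
            $count = $M::ReadByte([TokenInfo]::GetSidSubAuthorityCount($sid))
            $rid   = $M::ReadInt32([TokenInfo]::GetSidSubAuthority($sid, $count - 1))
        } finally { $M::FreeHGlobal($buf) }

        # AppContainer tokens also run at Low integrity, so ask the token explicitly (a single DWORD).
        $acBuf = $M::AllocHGlobal(4)
        try {
            if ([TokenInfo]::GetTokenInformation($hTok, $TokenIsAppContainer, $acBuf, 4, [ref]$needed)) {
                $isAppContainer = ($M::ReadInt32($acBuf) -ne 0)
            }
        } finally { $M::FreeHGlobal($acBuf) }
    } finally {
        if ($hTok -ne [IntPtr]::Zero) { [void][TokenInfo]::CloseHandle($hTok) }
        [void][TokenInfo]::CloseHandle($hProc)
    }

    $level = switch ($rid) {
        0x0000  { 'Untrusted' }
        0x1000  { 'Low' }
        0x2000  { 'Medium' }
        0x3000  { 'High' }
        0x4000  { 'System' }
        default { '0x{0:X4}' -f $rid }
    }
    [pscustomobject]@{ IntegrityRid = $rid; Integrity = $level; AppContainer = $isAppContainer }
}

# Chrome's command line says what each process is for: the browser (broker) process carries no
# --type switch; renderers, the GPU process, utility processes etc. carry --type=<kind>.
Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'" | ForEach-Object {
    $kind = if ($_.CommandLine -match '--type=(\S+)') { $Matches[1] } else { 'browser' }
    $tok  = Get-ChromeTokenInfo -ProcessId $_.ProcessId
    $integrity = if ($tok) { $tok.Integrity } else { 'n/a (open failed)' }
    $appContainer = if ($tok) { $tok.AppContainer } else { $null }
    [pscustomobject]@{ PID = $_.ProcessId; Type = $kind; Integrity = $integrity; AppContainer = $appContainer }
} | Sort-Object Type, PID | Format-Table -AutoSize
```

    Run it once with Chrome started normally and once with Chrome started inside the sandbox product under discussion, and compare the Integrity and AppContainer columns per process type; that comparison is the factual basis for the "some at AppContainer, all at Untrusted" observation made earlier in the thread. Rows that fail to open are themselves informative, since they show the sandbox is denying handle access from outside it.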
  22. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    Thanks. Yes, this is really useful. Much appreciated.

    It is how my uninformed mind imagined the way things worked, but I had picked up the impression that some considered the Chrome AppContainer switch in the latest versions was somehow a game changer that should convince a humble SBIE fanboy like myself to see the light in terms of the original thrust of this thread.

    If it wasn't for the fact that I simply don't trust M$ not to monetize the information sent back from the Modern Apps or use the telemetry to spam me 'in App' I'd likely use them more for things like viewing PDFs or playing media files knowing how tightly they are secured. At least with SBIE I can restrict 'capabilities' like internet access from the old school alternatives I've chosen to use to prevent them phoning home.

    Regards
     
  23. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Every time you post about this you confuse me, so is Chrome with AppContainer more secure than Chrome running inside of a tightly configured Sandboxie or not?
    Why can't you simply say a simple yes or a simple no?

    Also, Chrome's Win32k lockdown is actually better than the Sbie kernel filter protecting from misuse, because the Sbie kernel driver does not lock down the kernel at all; it only redirects. That's a huge difference: a total lockdown is always better and more secure than virtualization and redirecting, you are aware of that.
    For example, take exploits: when your system is locked down there is no exploit that can hurt you, while an exploit can still easily hurt your computer security when you have virtualization and redirecting, because nothing is actually locked down; everything is actually open, even though it is contained in the sandbox (of course I mean a tightly configured Sandboxie here).

    Chrome's Win32 lockdown feature and a tightly configured sandbox (inside Sandboxie, of course) is as secure as AppContainer plus Chrome. Because you cannot really block exploits with Sandboxie, you can only contain them; Sbie cannot lock the kernel, like Chrome can with Win32k lockdown. Locking and containing something (in this case the kernel) are 2 entirely different things.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I advise you to not post anymore questions, because clearly you didn't understand the end conclusion of this thread. :D
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Sheesh...some people need to realize not everyone here speaks native English :(

    @CoolWebSearch,

    the important part of kees' post seems to be:

    Bolding from me. The operative word would be probably. I would say it's up to you to decide if you need to run Chrome in Sandboxie under Windows 8 or higher. The implication being there is little, if any, difference in security benefits between the two setups. You would have the added benefit of session cache flush using Sandboxie.
     