info on Chromium browser needed

Another option would be to create a folder... where ever you want it... and give ownership to admins and remove write permissons to that folder.

It's faster and easier to copy it to Program Files, though.

 

Something to have under consideration, I think...

We have been discussing the potential dangers of having many areas with a low IL. While they're valid, those aren't the only real and theoretical concerns.

Let's take as an example the default Google Chrome ILs. I don't think there would be a need for a direct exploit against Google Chrome, to bend over its sandbox.

We could go around it.

Let's consider this scenario. By default Google Chrome installs to user space, am I correct? If so, then all it would take to break Google Chrome's sandbox would be to operate from the outside... To bend it over from the outside.

How so? Imagine another Internet facing application, for example, such as an e-mail client.

We all agree that every application has its fair share of bugs. I'm thinking about the security bugs.

Now, imagine an e-mail client that has a known security bug/known security bugs, either to us all or known to the attackers only. But, most likely it wouldn't even be needed for a security bug to exist... An user could be tricked to run something.

All it would take to break Google Chrome's sandbox, would be for this something to execute with MEDIUM rights and RAISE Google Chrome's IL to an explicit MEDIUM IL.

Considering that 99% of Google Chrome users aren't aware of this kind of thing... They aren't taking needed measures to prevent a pontential threat, in this scenario. So, Google Chrome could be operating with a MEDIUM or even HIGH integrity level all the time, if we consider users running without UAC.

Within the context of an account, any process can raise an IL to its level.

Is it time for Google to reconsider to make Chrome install to Program Files? At least, those running an admin. account with UAC would be safeguarded against this potential threat, which otherwise would need an exploit to escalate privileges.

-edit-

And, those running in a standard user account would be safeguarded against an explicit MEDIUM IL.

-edit-

I mean, these users could potentially be running Google Chrome with higher IL (same as the accounts in question) all the time... I think this is something to consider.

 

Why would a program possibly give a damn to attack Chrome once it's already on your computer?

edit: Especially since Low IL is only a minor part of Chrome's security scheme.... and especially since Chrome is not the easiest program to attack.

No, I'd much rather attack another program if I were trying to (for whatever reason) exploit it after already infecting the user.

 

That would depend on the attacker's desire, I believe. If the initial infection only takes place within user space, and not system-wide. If I were the attacker, I'd rather want kernel access, instead of living in user space.

As you say, Google Chrome isn't that easy to exploit, though it's possible, even if via third-party plugins, such as what VUPEN demonstrated.

But, the Low IL of the children processes does come into play. If this part of the sandbox is not that important, then why use it, at all?

Then, I guess you'd be saying that it would be perfectly safe for everyone to explicitely run Google Chrome with a high integrity level? I'm saying this because you're saying the Low IL is not important. If it's not important, and Google Chrome is simply strong, then why not simply run either with full-blown Medium or High IL?

I do believe the Low IL does play an important role, otherwise I don't think Google would have bothered implementing it.

I guess then Opera and Mozilla shouldn't make use of it for their browsers. It isn't that important?

Anyway, by enforcing Google Chrome to an explicit medium/high integrity level, part of the sandbox is already broken, and therefore it would be* easier to break out of the rest of it, than it would be with the low integrity level.

* I'm saying it would be... if all the ingredients for such scenario would become a reality. But, bending over one of them, from the outside, makes things a bit easier.

 

Is there a conclusive opinion which is more secure/ less intrusive: Chrome vs Chromium?

 

I don't know myself. I am a portable app sort of fellow, and thus I like being able to download Chromium and do with it what I like. TBH Chromium and Chrome seem identical. Using Chromium I don't have to bother myself with what is in Chrome.

Sul.

 

of course, Chromium being always in a perpetual 'beta' stage means you might get a version that doesn't play nice with some sites.

last week, i was checking a government site about road conditions/constructions and Chromium could not render properly some popup windows displayed in an iframe.

there was no problems with either Chrome or IE9.

i since then 'installed' the Chrome 12 portable from Portableapps.com.
that seems to work ok and i have it running under Sandboxie.

 

That only shows that no browser will be the one ruling them all. For instance, a relative of mine was having problems saving PDF files from the bank's website, and also certain parts of other websites. Chromium had no issues allowing such.

Now, my relative wants nothing but Chromium. My relative sees it as a more responsive browser.