Google Chrome Plans To Block AV Module Process Injection

Discussion in 'other security issues & news' started by WildByDesign, May 18, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    From that same page:
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
  3. guest

    guest Guest

    Yes, as long as the banking trojan is not Microsoft signed... :)
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,009
    Location:
    Member state of European Union
    It is also interesting for me.

    I don't think so. Fine-grained in-app privilege separation (which means programmers/developers need to use several system-level processes for different purposes) can restrict an app better than an outside approach.
     
  5. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,029
    I don't know all the implications of this, but it sounds good. Better isolation of browser and operating system.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    What I basically meant is that the end goal, which is to run malware, will be successfully stopped by Sandboxie 99% of the time. That doesn't mean that browser security isn't important; it's still necessary to code browsers in a way that remote code execution is hard to achieve.

    If it will be using the same method as Edge, it's apparently not good enough to block banking trojans:

    http://www.sekoia.fr/blog/microsoft-edge-binary-injection-mitigation-overview/
     
  7. guest

    guest Guest

    I think they are aware of it and doing it in a different way or are implementing additional checks. We'll see :)
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    From a Webroot point of view:

    "Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes." http://www.theregister.co.uk/2017/11/30/google_chrome_antivirus_shutout/

    And from a Webroot Web Shield Developer: https://community.webroot.com/t5/Se...-meddling-Windows-antivirus/m-p/307923#M39018

    "On first read, Google Chrome folks want people to use extensions and comply with their standards - which is what we do with our stuff.

    We'll keep an eye on what they are requiring for sure.

    Jonathan"
     
  9. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    January 2019? I was hoping it would be sooner :(
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Interesting stuff, so Google thinks that it will be able to offer the same protection methods via Native Messaging API calls or Chrome extensions? I highly doubt this, especially when it comes to anti-exploit tools.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands