Is Chrome's DLL blacklist feature blocking your security application's DLL?

Discussion in 'other anti-malware software' started by Windows_Security, Mar 7, 2015.

  1. Windows_Security

    Windows_Security, Registered Member (Joined: Mar 2, 2013; Posts: 3,067; Location: Netherlands)

    I have not started a controversial discussion recently, so I'll take a shot at this :D.

    Have a read: http://www.chromium.org/Home/third-party-developers#TOC-New-Troublesome-DLLs-to-be-blocked

    The sandbox blacklist code comments suggest that injected DLLs are loaded but not executed.
    The renderer blacklist is also read from the registry.
    Check these blacklists to see whether your security application is (black)listed (so it does not work and is reduced to fake security):
    a) https://code.google.com/p/chromium/codesearch#chromium/src/content/common/sandbox_win.cc&l=43
    b) https://code.google.com/p/chromium/codesearch#chromium/src/chrome_elf/blacklist/blacklist.cc&l=24



    Regards Kees
     
    Last edited: Mar 7, 2015
  2. Windows_Security

    It works, blacklisted Windows Live ID :cool: The HKCU entry gets overwritten to a space, so next time it will be loaded again.

    [Screenshot: Untitled.png]

    After applying the registry tweak:

    [Screenshot: Untitled2.png]
     
    Last edited: Mar 7, 2015
  3. Windows_Security

    Well, I tested a bit more, and blocking DLLs seems to work for side-by-side injections. Injections from higher integrity level processes (admin or system) are still injected for DLLs on the renderer blacklist.

    When a DLL is on the sandbox blacklist, Chrome is not able to block the injection, but seems to prevent the code from executing somehow (see the first code quote of the post above). This probably explains why Chrome has two levels of blacklisting.
     