Is Chrome's DLL blacklist feature blocking your security application's DLL?

Discussion in 'other anti-malware software' started by Windows_Security, Mar 7, 2015.

  1. Have not started a controversial discussion recently, so take a shot at this :D

    Have a read http://www.chromium.org/Home/third-party-developers#TOC-New-Troublesome-DLLs-to-be-blocked

    Sandbox blacklist code comments suggest injected DLLs are loaded but not executed.
    The renderer blacklist is also read from the registry.
    Check these blacklists to see whether your security application is (black)listed (so it does not work and is reduced to fake security):
    a) https://code.google.com/p/chromium/codesearch#chromium/src/content/common/sandbox_win.cc&l=43
    b) https://code.google.com/p/chromium/codesearch#chromium/src/chrome_elf/blacklist/blacklist.cc&l=24



    Regards Kees
     
    Last edited by a moderator: Mar 7, 2015
  2. It works: blacklisted Windows Live ID :cool: The HKCU entry gets overwritten with a space, so next time it will be loaded again.


    After applying the registry tweak

     
    Last edited by a moderator: Mar 7, 2015
  3. Well, tested a bit more and blocking DLLs seems to work for side-by-side injections. Injections from higher integrity level processes (admin or system) are still injected for DLLs on the renderer blacklist.

    When a DLL is on the sandbox blacklist, Chrome is not able to block injection, but seems to prevent code from executing somehow (see first code quote of post above). This probably explains why Chrome has two levels of blacklisting.
     