Is chrome's dll blacklist feature blocking your security application's dll?

Have not started a controversial discussion recently, so take a shot at this .

Have a read http://www.chromium.org/Home/third-party-developers#TOC-New-Troublesome-DLLs-to-be-blocked

Sandbox blacklist code comments, suggest loaded injected dll's are loaded but not executed

Renderer blacklist are also read from registry.

Check out these blacklists, whether your security application is (black)listed (so it does not work and is reduced to fake security)
a) https://code.google.com/p/chromium/codesearch#chromium/src/content/common/sandbox_win.cc&l=43
b) https://code.google.com/p/chromium/codesearch#chromium/src/chrome_elf/blacklist/blacklist.cc&l=24



Regards Kees

 

It works blacklisted windows live ID The HKCU entry gets overwritten to space, so next time it will be loaded again.



After applying the registry tweak

 

Well tested a bit more and blocking DLL's seems to work for side by side injections. Injections from higher Integrity level processes (admin or system) are still injected for dll's on the renderer blacklist.

When dll is on sandbox blacklist chrome is not able to block injection, but seems to prevent code from executing somehow (see first code quote of post above). This probably explains why Chrome has two levels of blacklisting.