Chrome dances with wolves

Author: No Comments Share:
  ” Lasker does not play chess, he plays dominoes. ” – David Janowski, 1910

Alice sees her “browser” as the computer, not the network or operating system. This trend will only get stronger as BYOD takes hold. We’re in a brave new world, where traditional security models based on clear boundaries break down. Modern browsers’ cornerstone security approach, same-origin policy, entails significant complexity and controls only a limited subset of cross-domain interactions. Highly granular isolation within this context ends up breaking existing web-apps. In an odd way, one can see flashbacks and parallels to the old MS-DOS era.

Google Chrome is tipped for primacy as the definitive web-browser. They were among the first to deploy separate protection domains that made it more difficult, and perhaps more exciting, for Eve. Chromium architecture assigns the browser kernel to interact with the underlying OS on behalf of the user. It’s rendering engine deals with “the web” via a high-quality sandbox. Thus, historically high-risk components such as the HTML parser, the JavaScript virtual machine, and Document Object Model (DOM) became more difficult to leverage. Overall, Google’s browser is a strong candidate for secure browsing.

However, the state of the art in exploitation is now more dominoes than chess. Eve can bypass the sandbox via techniques ranging from kernel exploits to plugins to get to Alice. We now take a look at what happens with just a few tricks from an evergreen bag.

Let’s install the latest:

win_update

Alice then confidently proceeds to browse to her favorite videos. Unfortunately, Eve has compromised the site and planted an exploit with a custom payload. Conventional layers of defense including AV, sandboxes and firewalls fail to stop the attack:

before_custom

If Alice was protected by vSentry, the attack would have been captured within a micro-VM. Her SOC team would then be able to trace Eve’s tracks via LAVA:

afterannotated

Perhaps, Chrome should dance with Bromium.

Previous Article

Chrome Perfected: Fast, Massively Secure and Gloriously Private (1/2)

Next Article

Application Security Training

You may also like

Leave a Reply

Your email address will not be published. Required fields are marked *