project zeus |
"You will not be informed of the meaning of Project Zeus until the time is right for you to know the meaning of Project Zeus."
The Chrome Sandbox Part 2 of 3: The IPC Framework
This post is the second part of a 3-part series about the Chrome sandbox. In the first post, I presented a basic overview of the Chrome process architecture and a breakdown of the attack surfaces for performing privilege escalation. This post continues our exploration of Chrome by focusing on one of the major attack surfaces identified: the IPC framework. As detailed in the previous post, Chrome uses this framework to expose functionality to other processes by exporting a number of callback methods that client processes may invoke, much as traditional RPC client/server interaction works. This post discusses the inner workings of the IPC framework: background on how it works, how messages are serialized and routed, and how to enumerate the attack surface to find message-processing code exposed to untrusted input. Several vulnerabilities uncovered during my audit are also presented to illustrate what kinds of bugs can occur at the various levels of process interaction.

Labels: Browsers, Chrome, Privilege Escalation, Sandbox, Vulnerabilities
The Chrome Sandbox Part 1 of 3: Overview
Earlier this year, CanSecWest hosted the popular "Pwn2Own" contest, whereby contestants attempt to exploit vulnerabilities they have discovered in popular software packages. The contest has a strong focus on web browsers, and this year, it didn't disappoint: all of the major web browsers were successfully compromised, with the notable exception of Google's Chrome. I believe Chrome's survival was largely due to its integrated sandbox, which aims to isolate the browser from being able to perform any potentially adverse operations on the system upon which it is running. I have been working with Google for the last several months on Chrome, with one of my major charges being a security review of the sandbox and its related components. Therefore, with Google's blessing, I thought I might take some time here to discuss the basic sandbox architecture, the attack surface, and present a few examples of vulnerabilities I uncovered during my time working on it.
Labels: Browsers, Chrome, Privilege Escalation, Sandbox, Vulnerabilities