June 10, 2014 / Br Labs

Chrome dances with wolves

  “Lasker does not play chess, he plays dominoes.” – David Janowski, 1910

Alice sees her “browser” as the computer, not the network or the operating system. This trend will only get stronger as BYOD takes hold. We are in a brave new world, where traditional security models based on clear boundaries break down. The cornerstone of modern browsers’ security approach, the same-origin policy, entails significant complexity and controls only a limited subset of cross-domain interactions; more granular isolation within this model ends up breaking existing web apps. In an odd way, one can see flashbacks and parallels to the old MS-DOS era.
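To make the point about the same-origin policy concrete, here is an added example (not code from the original post or from Bromium) that spells out what an “origin” actually is and which cross-origin interactions the policy does and does not govern. The origin tuple and default-port handling follow the WHATWG URL definition; the interaction names (`script-include`, `dom-read`, and so on) are illustrative labels chosen for this example, and the model deliberately ignores relaxations such as CORS headers and `document.domain`.

```javascript
// Added example, not part of the original post: an explicit same-origin check.
// An origin is the tuple (scheme, host, port). Ports are normalised so that
// "http://example.com" and "http://example.com:80" compare equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443', 'ftp:': '21' };

function originOf(urlString) {
  const u = new URL(urlString);              // WHATWG URL parser (Node and browsers)
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Illustrative labels (assumed for this example) for the two kinds of
// cross-origin interaction. The browser lets a page *embed* or *send to*
// another origin freely; the same-origin policy only blocks *reading* back.
// CORS and document.domain relaxations are intentionally not modelled.
const CROSS_ORIGIN_ALLOWED = new Set([
  'script-include',    // <script src="https://other/x.js">
  'stylesheet-include',
  'image-embed',
  'iframe-embed',
  'form-post',         // a cross-site POST is sent; the response is not readable
  'navigate',
]);
const CROSS_ORIGIN_BLOCKED = new Set([
  'dom-read',          // touching a cross-origin frame's document
  'xhr-read',          // reading a cross-origin XHR/fetch response (absent CORS)
  'storage-read',      // another origin's cookies, localStorage, etc.
]);

// Decide whether a document at docUrl may perform `interaction` against targetUrl.
function permitted(docUrl, targetUrl, interaction) {
  if (sameOrigin(docUrl, targetUrl)) return true;
  if (CROSS_ORIGIN_ALLOWED.has(interaction)) return true;
  if (CROSS_ORIGIN_BLOCKED.has(interaction)) return false;
  throw new Error(`unknown interaction: ${interaction}`);
}

// Constructed sample scenario: Alice's video site and a site Eve controls.
const VIDEOS = 'https://videos.example/watch?v=1';
const EVIL = 'https://evil.example/payload.js';

function summary() {
  return {
    scriptInclude: permitted(VIDEOS, EVIL, 'script-include'),   // true: embedding is allowed
    domRead: permitted(VIDEOS, EVIL, 'dom-read'),               // false: reading is blocked
    defaultPort: sameOrigin('http://example.com', 'http://example.com:80/'),
    subdomain: sameOrigin('http://example.com', 'http://www.example.com'),
  };
}

module.exports = { originOf, sameOrigin, permitted, summary };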

Google Chrome is tipped for primacy as the definitive web browser. Google was among the first to deploy separate protection domains, which made life more difficult, and perhaps more exciting, for Eve. In the Chromium architecture the browser kernel interacts with the underlying OS on behalf of the user, while the rendering engine deals with “the web” inside a high-quality sandbox. Thus, historically high-risk components such as the HTML parser, the JavaScript virtual machine, and the Document Object Model (DOM) became more difficult to leverage. Overall, Google’s browser is a strong candidate for secure browsing.

However, the state of the art in exploitation is now more dominoes than chess. Eve can bypass the sandbox via techniques ranging from kernel exploits to plugins to get to Alice. We now take a look at what happens with just a few tricks from an evergreen bag.

Let’s install the latest:

[Screenshot: win_update]

Alice then confidently proceeds to browse to her favorite videos. Unfortunately, Eve has compromised the site and planted an exploit with a custom payload. Conventional layers of defense including AV, sandboxes and firewalls fail to stop the attack:

[Screenshot: before_custom]

If Alice were protected by vSentry, the attack would have been captured within a micro-VM. Her SOC team would then be able to trace Eve’s tracks via LAVA:

[Screenshot: afterannotated]

Perhaps, Chrome should dance with Bromium.
