Visible to the public "The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing

Title"The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing
Publication TypeConference Paper
Year of Publication2016
AuthorsJia, Yaoqi, Chua, Zheng Leong, Hu, Hong, Chen, Shuo, Saxena, Prateek, Liang, Zhenkai
Conference NameProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Date PublishedOctober 2016
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4139-4
Keywordsbrowser design, browser security, data-oriented attacks, Human Behavior, pubcrawl, Resiliency, Scalability
Abstract

Process-based isolation, suggested by several research prototypes, is a cornerstone of modern browser security architectures. Google Chrome is the first commercial browser that adopts this architecture. Unlike several research prototypes, Chrome's process-based design does not isolate different web origins, but primarily promises to protect "the local system" from "the web". However, as billions of users now use web-based cloud services (e.g., Dropbox and Google Drive), which are integrated into the local system, the premise that browsers can effectively isolate the web from the local system has become questionable. In this paper, we argue that, if the process-based isolation disregards the same-origin policy as one of its goals, then its promise of maintaining the "web/local system (local)" separation is doubtful. Specifically, we show that existing memory vulnerabilities in Chrome's renderer can be used as a stepping-stone to drop executables/scripts in the local file system, install unwanted applications and misuse system sensors. These attacks are purely data-oriented and do not alter any control flow or import foreign code. Thus, such attacks bypass binary-level protection mechanisms, including ASLR and in-memory partitioning. Finally, we discuss various full defenses and present a possible way to mitigate the attacks presented.

URLhttps://dl.acm.org/doi/10.1145/2976749.2978414
DOI10.1145/2976749.2978414
Citation Keyjia_web/local_2016