Chrome's Medium IL Broker process connects to Web


Post by wat0114 on 22/2/2012, 08:32

This is something I discovered a little earlier today. Unlike IE9, whose Child Process running at Low IL establishes the Internet comms as one would expect, at least I would anyway, Chrome's Broker process makes these connections! I can reproduce this several times over, even connecting with a new tab open.

ProcessID      2912  (this process is running at Medium IL)
Application    \device\harddiskvolume1\program files (x86)\google\chrome\application\chrome.exe
Direction      %%14593  (Outbound)
SourceAddress  192.168.1.68
SourcePort     5086
DestAddress    74.125.225.31
DestPort       443
Protocol       6  (TCP)

Of course I don't know how Chrome's sandboxing feature works. Does it maybe force the Medium IL process' web content to the Low IL one? One thing's for sure, it does not work like IE's, because its Low IL Child process always makes the network comms to the web. Just wondering if anyone can explain this or provide thoughts on why it works this way?


Re: Chrome's Medium IL Broker process connects to Web

Post by Guest on 22/2/2012, 09:26

This may shed some light: -http://dev.chromium.org/developers/design-documents/multi-process-resource-loading


All network communication is handled by the main browser process. This is done not only so that the browser process can control each renderer's access to the network, but also so that we can maintain consistent session state across processes like cookies and cached data. It is also important because as a HTTP/1.1 user-agent, the browser as a whole should not open too many connections per host.

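To reproduce the observation in the opening post without digging through firewall events, here is an added example (not from the thread, and not Chromium's or Microsoft's code) that lists every chrome.exe and iexplore.exe process together with the integrity level of its primary token and the TCP connections it owns. It reads the mandatory label from the token with GetTokenInformation(TokenIntegrityLevel) and takes the owning PID from netstat -ano, which exists on every Windows version discussed here; the TokenIL class and the two function names are this example's own. Run it from an ordinary (Medium IL) shell as the same user the browser runs as, since a Medium IL process may open the tokens of that user's Low IL processes.

```powershell
# Added example, not from the original thread: which browser process owns the
# network connections, and at which integrity level does it run?
# Assumes Windows Vista or later and PowerShell 3.0+ (Add-Type, [pscustomobject]).

Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class TokenIL {
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr hProcess, uint desiredAccess, out IntPtr hToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr hToken, int infoClass, IntPtr info, int infoLen, out int returnLen);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthority(IntPtr sid, int index);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);

    const uint TOKEN_QUERY = 0x0008;
    const int TokenIntegrityLevel = 25;

    // Returns the integrity RID of the process's primary token
    // (0x1000 = Low, 0x2000 = Medium, 0x3000 = High, ...) or -1 if it cannot be read.
    public static int GetIntegrityRid(IntPtr hProcess) {
        IntPtr hToken;
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, out hToken)) return -1;
        try {
            int len;
            GetTokenInformation(hToken, TokenIntegrityLevel, IntPtr.Zero, 0, out len);   // size probe
            IntPtr buf = Marshal.AllocHGlobal(len);
            try {
                if (!GetTokenInformation(hToken, TokenIntegrityLevel, buf, len, out len)) return -1;
                // TOKEN_MANDATORY_LABEL starts with SID_AND_ATTRIBUTES; its first field is the PSID.
                IntPtr sid = Marshal.ReadIntPtr(buf);
                int count = Marshal.ReadByte(GetSidSubAuthorityCount(sid));
                return Marshal.ReadInt32(GetSidSubAuthority(sid, count - 1));   // S-1-16-<rid>
            } finally { Marshal.FreeHGlobal(buf); }
        } finally { CloseHandle(hToken); }
    }
}
'@

function Get-IntegrityLevelName([int]$rid) {
    # The last sub-authority of the S-1-16-* label SID is the level.
    switch ($rid) {
        { $_ -lt 0 } { 'unknown (token not readable)' }
        0x0000       { 'Untrusted' }
        0x1000       { 'Low' }
        0x2000       { 'Medium' }
        0x3000       { 'High' }
        0x4000       { 'System' }
        default      { ('0x{0:X}' -f $rid) }
    }
}

function Get-BrowserConnections {
    param([string[]]$ProcessNames = @('chrome', 'iexplore'))

    # netstat -ano: local address, remote address, state, owning PID (TCP rows only).
    $conns = netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{ Local = $matches[1]; Remote = $matches[2]; State = $matches[3]; OwnerPid = [int]$matches[4] }
        }
    }

    foreach ($p in Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue) {
        try   { $rid = [TokenIL]::GetIntegrityRid($p.Handle) }
        catch { $rid = -1 }                      # e.g. a process we are not allowed to open
        $mine = @($conns | Where-Object { $_.OwnerPid -eq $p.Id -and $_.State -eq 'ESTABLISHED' })
        [pscustomobject]@{
            PID         = $p.Id
            Name        = $p.ProcessName
            Integrity   = Get-IntegrityLevelName $rid
            Established = $mine.Count
            Remotes     = ($mine | ForEach-Object { $_.Remote }) -join ' '
        }
    }
}

Get-BrowserConnections | Sort-Object Name, PID | Format-Table -AutoSize
```

With Chrome open you should see the Medium IL chrome.exe (the broker) holding the ESTABLISHED connections and the Low IL chrome.exe processes holding none, which is what the multi-process-resource-loading document quoted above describes; under IE9 protected mode it is the Low IL iexplore.exe that owns them. Depending on the build, Chrome's renderers may show Untrusted rather than Low once the sandbox has locked their token down. Event ID 5156 records like the one quoted in the opening post carry the same PID, so they can be joined to this output the same way.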

Re: Chrome's Medium IL Broker process connects to Web

Post by Guest on 22/2/2012, 09:27

Poor m00nbl00d is running with an explicit low IL... living dangerously...


Re: Chrome's Medium IL Broker process connects to Web

Post by wat0114 on 22/2/2012, 09:43

m00nbl00d wrote: This may shed some light: -http://dev.chromium.org/developers/design-documents/multi-process-resource-loading


All network communication is handled by the main browser process. This is done not only so that the browser process can control each renderer's access to the network, but also so that we can maintain consistent session state across processes like cookies and cached data. It is also important because as a HTTP/1.1 user-agent, the browser as a whole should not open too many connections per host.

Thank you, m00nbl00d, I kinda' figured you would clarify this. Now I wonder why MS is able to do things differently with IE, where the Low IL process connects to the Internet? Doesn't their approach make more security sense? An article on how it works with IE9:

-http://msdn.microsoft.com/en-us/library/bb625962.aspx

The broker process is started at medium integrity level when the user clicks on the Internet Explorer icon or on a URL link. The broker checks the URL and zone policy and launches a child process, iexplore.exe, at the low integrity level to make the Internet connection and render the web page. [...] Everything the user experiences in the Internet Explorer Web browser is done inside the low integrity process. A few specific operations, such as changing Internet Options settings, or the Save as file dialog, are handled by the broker process. If the URL is a trusted site, based on the default zone policy settings, the broker process starts a different instance of iexplore.exe in a medium-integrity process. All browser extensions and ActiveX controls run inside the low-integrity process. This has the advantage that any potential exploit to a browser extension is also running at low integrity.

I find it interesting that Chrome chooses a sort of "opposite" approach, but obviously they have their reasons.

m00nbl00d wrote: Poor m00nbl00d is running with an explicit low IL... living dangerously...

Do you force the Broker process to Low IL?

*EDIT* I'm trying to make sense of the Chrome explanation. Clearly the Medium IL broker handles web connections as explained, then the pages are rendered in the Renderer process. Are they run at Low IL?


Re: Chrome's Medium IL Broker process connects to Web

Post by Guest on 22/2/2012, 21:32

Yes, the Renderer processes run at low integrity level. A few may run with medium integrity level, but those would be hosting plugins that, unfortunately, software developers are too lazy to make work at low integrity level. One example being Java.

This actually made me think of what that Microsoft MSDN article mentions. They mention that "All browser extensions and ActiveX controls run inside the low-integrity process." Is that true for Java?

I know that Java can run almost fine in a low integrity level process. There are some issues, though.

And yes, I do run Chromium in full low integrity level. Or, in other words, both Broker and Renderer run in low integrity level. For instance, if the VUPEN exploit became a widespread reality, I would not fall victim to it. There's no way to escape from low to medium/high, because it's all low.

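The "full low integrity" setup described in the post above, with the broker itself started at Low IL, is the same token trick Microsoft documents for launching a low-integrity process: duplicate the caller's primary token, stamp it with the Low mandatory label SID S-1-16-4096, and start the program with CreateProcessAsUser. Below is an added example of that sequence in PowerShell; it is not code from the thread and not Chromium's own launcher. The LowIL class, its Start function, the Check helper and the C:\LowChrome profile directory are this example's own names; the chrome.exe path is the one from the event record quoted in the opening post.

```powershell
# Added example (not from the original thread): start a program with a Low IL
# primary token. Assumes Windows Vista or later and PowerShell 3.0+ (Add-Type).
# The Win32 call sequence follows Microsoft's "Designing Applications to Run at a
# Low Integrity Level" sample; the wrapper class and names are this example's own.

Add-Type -TypeDefinition @'
using System;
using System.Text;
using System.Runtime.InteropServices;

public static class LowIL {
    [StructLayout(LayoutKind.Sequential)]
    public struct SID_AND_ATTRIBUTES { public IntPtr Sid; public uint Attributes; }
    [StructLayout(LayoutKind.Sequential)]
    public struct TOKEN_MANDATORY_LABEL { public SID_AND_ATTRIBUTES Label; }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO {
        public int cb; public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr hProcess, uint access, out IntPtr hToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateTokenEx(IntPtr hToken, uint access, IntPtr attrs, int impLevel, int tokenType, out IntPtr hNew);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool ConvertStringSidToSid(string sid, out IntPtr pSid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern int GetLengthSid(IntPtr pSid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool SetTokenInformation(IntPtr hToken, int infoClass, ref TOKEN_MANDATORY_LABEL info, int len);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool CreateProcessAsUser(IntPtr hToken, string app, StringBuilder cmdLine, IntPtr pa, IntPtr ta,
        bool inherit, uint flags, IntPtr env, string cwd, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    [DllImport("kernel32.dll")] static extern IntPtr LocalFree(IntPtr h);

    const uint TOKEN_ASSIGN_PRIMARY = 0x0001, TOKEN_DUPLICATE = 0x0002, TOKEN_QUERY = 0x0008, TOKEN_ADJUST_DEFAULT = 0x0080;
    const int SecurityImpersonation = 2, TokenPrimary = 1, TokenIntegrityLevel = 25;
    const uint SE_GROUP_INTEGRITY = 0x00000020;

    static void Check(bool ok) { if (!ok) throw new System.ComponentModel.Win32Exception(); }

    // Starts commandLine under a Low IL copy of the caller's token; returns the new PID.
    public static int Start(string commandLine) {
        IntPtr hToken, hLow, pSid;
        Check(OpenProcessToken(GetCurrentProcess(),
              TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY, out hToken));
        Check(DuplicateTokenEx(hToken, 0, IntPtr.Zero, SecurityImpersonation, TokenPrimary, out hLow));
        Check(ConvertStringSidToSid("S-1-16-4096", out pSid));        // Low mandatory level
        var tml = new TOKEN_MANDATORY_LABEL();
        tml.Label.Sid = pSid;
        tml.Label.Attributes = SE_GROUP_INTEGRITY;
        Check(SetTokenInformation(hLow, TokenIntegrityLevel, ref tml, Marshal.SizeOf(tml) + GetLengthSid(pSid)));
        var si = new STARTUPINFO(); si.cb = Marshal.SizeOf(si);
        PROCESS_INFORMATION pi;
        Check(CreateProcessAsUser(hLow, null, new StringBuilder(commandLine), IntPtr.Zero, IntPtr.Zero,
              false, 0, IntPtr.Zero, null, ref si, out pi));
        CloseHandle(pi.hThread); CloseHandle(pi.hProcess); CloseHandle(hLow); CloseHandle(hToken); LocalFree(pSid);
        return pi.dwProcessId;
    }
}
'@

# A Low IL process cannot write into a Medium-labeled profile, so give Chrome its own
# directory labeled Low; (OI)(CI) propagates the label to what Chrome creates inside it.
$userDataDir = 'C:\LowChrome'                                  # hypothetical location for this example
if (-not (Test-Path $userDataDir)) { New-Item -ItemType Directory -Path $userDataDir | Out-Null }
& icacls $userDataDir /setintegritylevel '(OI)(CI)L' | Out-Null

$chrome = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'   # path from the event record in the thread
$newPid = [LowIL]::Start("`"$chrome`" --user-data-dir=$userDataDir")
"Started chrome.exe (PID $newPid) with a Low IL broker token"
```

Verify the result from a cmd.exe started the same way with whoami /groups, which then lists "Mandatory Label\Low Mandatory Level", or with the Integrity column in Process Explorer. Keep in mind what the label buys: a Low IL broker can only write where Low is allowed (the relabeled profile directory, the user's AppData\LocalLow, and similar), so that is the reach a compromised broker would have; the renderers' own sandbox restrictions are unchanged by this.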

Re: Chrome's Medium IL Broker process connects to Web

Post by wat0114 on 23/2/2012, 07:42

Thank you m00nbl00d!


Re: Chrome's Medium IL Broker process connects to Web

Post by Guest on 23/2/2012, 08:57

You're welcome. By the way, if you ever go back to Google Chrome, I think I've found the command-line switch that forces the PepperFlash/PPAPI version of Flash Player.

It should be --enable-bundled-ppapi-flash

This page should give an overview of the differences between NPAPI and PPAPI plugin: -http://www.chromium.org/nativeclient/getting-started/getting-started-background-and-basics#TOC-Netscape-Plugin-API-NPAPI-


Re: Chrome's Medium IL Broker process connects to Web

Post by wat0114 on 23/2/2012, 11:00

m00nbl00d wrote: You're welcome. By the way, if you ever go back to Google Chrome, I think I've found the command-line switch that forces the PepperFlash/PPAPI version of Flash Player.

It should be --enable-bundled-ppapi-flash

This page should give an overview of the differences between NPAPI and PPAPI plugin: -http://www.chromium.org/nativeclient/getting-started/getting-started-background-and-basics#TOC-Netscape-Plugin-API-NPAPI-

Thanks, I have Chrome installed, so I'll give that a try, but I've recently migrated from Firefox to Waterfox w/NoScript and Cookie Monster plug-ins.


Re: Chrome's Medium IL Broker process connects to Web

Post by Guest on 24/2/2012, 01:07

wat0114 wrote:
m00nbl00d wrote: You're welcome. By the way, if you ever go back to Google Chrome, I think I've found the command-line switch that forces the PepperFlash/PPAPI version of Flash Player.

It should be --enable-bundled-ppapi-flash

This page should give an overview of the differences between NPAPI and PPAPI plugin: -http://www.chromium.org/nativeclient/getting-started/getting-started-background-and-basics#TOC-Netscape-Plugin-API-NPAPI-

Thanks, I have Chrome installed, so I'll give that a try, but I've recently migrated from Firefox to Waterfox w/NoScript and Cookie Monster plug-ins.

No problem. Hopefully, it will work. It should work with Chromium...
