Security Considerations – ChromeDriver – Webdriver for Chrome

by

How Google Chrome Browser Works

In the article Chrome Browser Security @STEPHANIE CRAWFORD mentioned, Google has leveraged its power as a search engine by creating its Safe Browsing technology which will automatically warn you if Chrome detects that a site you’re visiting contains malware or phishing.

Chrome deploys this security measure through a unique security feature termed as Sandboxing. Sandboxing implies, separating each process out into independent spaces to see how they function individually. Chrome handles its workload as a series of multiple processes rather than as part of one large browser process. Each time you open a Web page, Chrome launches one or more new processes to run the scripts on that page. Also, each Chrome extension and app runs in its own process. Chrome implements sandboxing through its multi-process architecture. The security advantage in sandboxing comes with Chrome being able to control the access token for each process. These access token for a process allows that process access to important information about your system, like its files and registry keys. Chrome intercepts each access token from the processes launched from the browser, and it modifies that token to limit its access to that information. So, Chrome’s sandboxing helps block web pages that try to install malware, capture your personal information or obtain data from your hard drive. The drawback of sandboxing is that, it can’t catch everything. A sandboxed process might still be able to access less secure file systems. It’s also likely to miss protecting registry keys and files managed by third party software, like a game or chat program that isn’t native to the system.

WebDriver driven Chrome

While initiating a WebDriver controled Chrome Browsing Context using Selenium recently we had been advocating to use a certain command line argument:

  • --no-sandbox: Disables the sandbox for all process types that are normally sandboxed.

See:

No Sandbox

There are a couple of more Sandbox related flags available which enables the sandboxed processes to run without a job object assigned to them. This flag is required to allow Chrome to run in RemoteApps or Citrix. This flag can reduce the security of the sandboxed processes and allow them to do certain API calls like shut down Windows or access the clipboard. Also we lose the chance to kill some processes until the outer job that owns them finishes.

Sandbox

Sandbox leverages the OS-provided security to allow code execution that cannot make persistent changes to the computer or access information that is confidential. The architecture and exact assurances that the sandbox provides are dependent on the operating system.

  • windows implementation principles:
    • Do not re-invent the wheel: It is tempting to extend the os kernel with a better security model. Don’t. Let the operating system apply its security to the objects it controls. On the other hand, it is just okay to create application-level objects (abstractions) that have a custom security model.
    • Principle of least privilege: This should be applied both to the sandboxed code and to the code that controls the sandbox. In other words, the sandbox should work even if the user cannot elevate to super-user.
    • Assume sandboxed code is malicious code: For threat-modeling purposes, we consider the sandbox compromised (that is, running malicious code) once the execution path reaches past a few early calls in the main() function. In practice, it could happen as soon as the first external input is accepted, or right before the main loop is entered.
    • Be nimble: Non-malicious code does not try to access resources it cannot obtain. In this case the sandbox should impose near-zero performance impact. It’s ok to have performance penalties for exceptional cases when a sensitive resource needs to be touched once in a controlled manner. This is usually the case if the OS security is used properly.
    • Emulation is not security: Emulation and virtual machine solutions do not by themselves provide security. The sandbox should not rely on code emulation, code translation, or patching to provide security.
  • linux implementation
  • macos implementation

More Related Contents:

  1. Timed out receiving message from renderer: 0.100 log messages using ChromeDriver and Chrome v80 through Selenium Java
  2. How does chrome driver interact with Chrome browser?
  3. Selenium Google Login Block
  4. SessionNotCreatedException: Message: session not created: This version of ChromeDriver only supports Chrome version 81
  5. Is there a version of Selenium WebDriver that is not detectable?
  6. Many process of Google Chrome (32 bit)
  7. How to turn off w3c in chromedriver to address the error unknown command: Cannot call non W3C standard command while in W3C
  8. ERROR:ssl_client_socket_openssl.cc(1158)] handshake failed with ChromeDriver Chrome browser and Selenium
  9. Selenium use chrome on Colab got unexpectedly exited
  10. selenium.common.exceptions.SessionNotCreatedException: Message: session not created: This version of ChromeDriver only supports Chrome version 80
  11. How to open Chrome browser console through Selenium?
  12. WebDriverException: unknown error: DevToolsActivePort file doesn’t exist while trying to initiate Chrome Browser
  13. WebDriverException: Message: ‘chromedriver’ executable needs to be in PATH while setting UserAgent through Selenium Chromedriver python
  14. How does reCAPTCHA 3 know I’m using Selenium/chromedriver?
  15. USB: usb_device_handle_win.cc:1020 Failed to read descriptor from node connection error with ChromeDriver v87 / Chrome v87 using Selenium on Windows10
  16. Error Message: ‘chromedriver’ executable needs to be PATH
  17. Error [SEVERE]: Timed out receiving message from renderer: 20.000 while executing the testsuite through Selenium on Jenkins
  18. Why doesn’t ChromeDriver require Chrome or Chromium?
  19. Page load strategy for Chrome driver (Updated till Selenium v3.12.0)
  20. How to set window size in Selenium Chrome Python
  21. Download file through Google Chrome in headless mode
  22. Error Loading Extension Could not load extension from ‘C:\..\Local\Temp\scoped_dir6312_32763\internal’. Loading of unpacked extensions is disabled
  23. Selenium Timed out receiving message from renderer
  24. release Selenium chromedriver.exe from memory
  25. Timed out receiving message from renderer: 10.000 while capturing screenshot using chromedriver and chrome through Jenkins on Windows
  26. Could not load extension from scoped_dir6312_32763/internal.Loading of unpacked extensions is disabled by the administrator with ChromeDriver Selenium
  27. How to accept the popup presented when installing extension in Selenium?
  28. Cannot get automation extension from timeout: Timed out receiving message from renderer
  29. selenium.common.exceptions.ElementNotVisibleException: Message: element not interactable using Selenium
  30. Chrome is being controlled by automated test software

Leave a Comment