ssj100 Security Forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Something About Chrome

Go down

Something About Chrome Empty Something About Chrome

Post by anonopine 4/2/2011, 01:22

Hello,

There's something about Chrome, something wrong.

There are two versions of Chrome for Windows aside from the betas. There's ordinary Google Chrome, which installs into the user directory, and what I call Google Pack Chrome, which can only be obtained through Google Pack, and installs into the Program Files directory. I'm going to begin here with Google Pack Chrome.

If a computer user, running as a limited user, surfs with Google Pack Chrome and is subject to software restriction policies where software can only run from the Program Files and Windows directories, otherwise known as white-listing, and enforcement is all software files and all users except local administrators -- a flaw in this version of Chrome can set up an error condition that in one circumstance is probably without any lasting effect, and in another circumstance can alter administrator accounts.

If the computer user needs to install a program or undertake a customization that requires administrator privileges and logs off and tries to log on to an administrator account, they might receive two error messages -- User Environment messages -- from Windows which go something like "Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupted local profile ..." and so on.

A temporary generic administrator account will load.

Although it can be quite unnerving to see, it's probably harmless in this circumstance. The user can just restart the computer after allowing the temporary account to load. Everything will probably be back to normal and that temporary account will have disappeared.

Also, if you try to run a program with administrator privileges by using the Run As menu option, the program may appear to hang, or even hang. In this situation you can use the task manager to restart the computer.

If this error condition is set to arise and then the user tries to log on to an administrator account through the command line, the result can actually be the partial resetting of the administrator account profile that the limited user tried to access from the command line. If I recall correctly, it hung the command line and I restarted the machine and then logged into the administrator account that I had tried to access and it had been partially reset to default settings.

Firefox, Safari and IE8 are not affected by this flaw.

There is an end run around it. You can install ordinary Chrome, which installs into the user directory. Then you can safely use runas /user:xxx "mmc gpedit.msc" from the command line and change the security levels of the software restriction policies from "disallowed" to "unrestricted", and it will kick in straight away.

After that, you can use Chrome without the previously mentioned problems. That's how I've been using Chrome lately, as an occasional choice as in only when it's absolutely necessary. It's very good at translating sites from one language into another.

When you're finished using Chrome you can then get your security levels back to "disallowed".

anonopine
New Member
New Member

Posts : 7
Join date : 2011-02-03

Back to top Go down

Something About Chrome Empty Re: Something About Chrome

Post by anonopine 4/2/2011, 01:40

Excuse me for not mentioning that the operating system is Windows XP Pro.

anonopine
New Member
New Member

Posts : 7
Join date : 2011-02-03

Back to top Go down

Something About Chrome Empty RE: Something About Chrome

Post by anonopine 6/2/2011, 23:32

anonopine wrote on 4/2/2011, 08:22:

"There is an end run around it. You can install ordinary Chrome, which installs into the user directory. Then you can safely use runas /user:xxx "mmc gpedit.msc" from the command line and change the security levels of the software restriction policies from "disallowed" to "unrestricted", and it will kick in straight away."


Hi anonopine,

A one-line script is probaly (haven't tested it a heck of a lot) a much better way to run Chrome from the user directory not only because it's easier to start, but this method maintains "Disallowed" and Software Restriction Policies.

Use Run As to fire up Wordpad and create and save the following one-line script as "Chrome.cmd" (with quotes) to "C:\Program Files". Save as type: Text Document.

runas /trustlevel:"unrestricted" "%userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -incognito"

Open the Program Files directory and create a shortcut from the chrome.cmd and save it to your desktop. You can change the name of the shortcut to just "Chrome" and run it minimized.


anonopine

anonopine
New Member
New Member

Posts : 7
Join date : 2011-02-03

Back to top Go down

Something About Chrome Empty Re: Something About Chrome

Post by anonopine 11/2/2011, 23:39

I posted a message over at www.sandboxie.com because I couldn't figure out how to use Chrome with Sandboxie with the one-line script:

"I use software restriction policies where software can only run from the Program Files and Windows directories and enforcement is all software files and all users except local administrators.

I use Google Chrome sometimes. The version I use installs in your user directory, and it won't run with SRP security levels set to disallowed.

Chrome is very good at translating websites from one language to another. You can go to Google Language Tools with other browsers, but Chrome can produce a more sustained translation through the menus and links of a site.

To get around SRP you can use -- runas /user:xxx "mmc gpedit.msc" -- from the command line and change the security levels of the software restriction policies from "disallowed" to "unrestricted". The change is immediate.

The advantage in this method is that you can use Chrome with Sandboxie.

A one-line script is a seemingly easier way to run Chrome from the user directory, not only because it's easier to start, but this method generally maintains "Disallowed" and software restriction policies, except of course for Chrome itself:

runas /trustlevel:"unrestricted" "%userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe -incognito"

The disadvantage for me is that I can't use Chrome with Sandboxie with with this method. I have no idea why and I was hoping someone might be able to help me with this.

Thank you for your time and attention.


oat s"



Sandboxing cmd.exe might be one way to do it, except that Sandboxie itself uses cmd.exe to delete the contents of the sandbox, and it would do it recursively.

I googled "sandboxing cmd.exe with sandboxie" and Google returned this link, ssj100's Security Setup:

https://ssj100.forumotion.com/t4-ssj100-s-security-setup

ssj100 tells us that Sandboxie relies on cmd.exe by default to delete the sandbox, and explains how we can rename cmd.exe, and provides a good example of how to formulate the renamed Sandboxie delete command.

So, thank you to ssj100.

Now it seems to be possible.


oat s (anonopine)

anonopine
New Member
New Member

Posts : 7
Join date : 2011-02-03

Back to top Go down

Something About Chrome Empty Re: Something About Chrome

Post by Sponsored content


Sponsored content


Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum