HMAC and “secure preferences”: Revisiting chromium-based browsers security
Paper i proceeding, 2020
Google disabled years ago the possibility to freely modify some internal configuration parameters, so options like silently (un)install browser extensions, changing the home page or the search engine were banned. This capability was as simple as adding/removing some lines from a plain text file called Secure Preferences file automatically created by Chromium the first time it was launched. Concretely, Google introduced a security mechanism based on a cryptographic algorithm named Hash-based Message Authentication Code (HMAC) to avoid users and applications other than the browser modifying the Secure Preferences file. This paper demonstrates that it is possible to perform browser hijacking, browser extension fingerprinting, and remote code execution attacks as well as silent browser extensions (un)installation by coding a platform-independent proof-of-concept changeware that exploits the HMAC, allowing for free modification of the Secure Preferences file. Last but not least, we analyze the security of the four most important Chromium-based browsers: Brave, Chrome, Microsoft Edge, and Opera, concluding that all of them suffer from the same security pitfall.
Chromium
Web security
Changeware
HMAC
Författare
Pablo Picazo-Sanchez
Chalmers, Data- och informationsteknik, Informationssäkerhet
Gerardo Schneider
Chalmers, Data- och informationsteknik, Formella metoder
Andrei Sabelfeld
Chalmers, Data- och informationsteknik, Informationssäkerhet
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 12579 107-1269783030654108 (ISBN)
19th International Conference on Cryptology and Network Security, CANS 2020
Vienna, Austria,
Vienna, Austria,
Ämneskategorier
Datorteknik
Datavetenskap (datalogi)
Datorsystem
DOI
10.1007/978-3-030-65411-5_6