Windows DLL preloading attack in Chromium based desktop browser application

Nataraj Bukkambudi

Dec 25, 2024, 9:22:26 AM
to Chromium-discuss
Hi All,
We built a Windows desktop browser application based on Chromium m120.
When I install it, it extracts all required files into AppData\Local\<Our_Application_path>.

The issue is that when I copy a malicious DLL into this directory with the admin role and launch the app, the app launches successfully. But when I tried the same steps with Brave.exe, Chrome.exe & Chrome.exe (Chromium snapshot m124), the applications' render process was blocked with an Aw Snap error.

Can someone please help here with how this issue is handled in Chromium open source, and which DLL load functions are used with the DLL search order to fix this issue?

Below is the reference bug discussed with a mitigation plan.

thank you,
Nataraj



J Decker

Dec 26, 2024, 6:00:36 PM
to Chromium-discuss, Nataraj Bukkambudi
Looks like that issue is 'closed, out-of-scope' or 'works as intended on target platform'... 


Not sure which .dll you're replacing; if it's like the main chrome.dll, there are main_dll_loader_win.cc sort of files in a few places that have that function... the option is specified as LOAD_WITH_ALTERED_SEARCH_PATH, but probably what you're complaining about is the lack of an absolute path, which could be built from GetModuleFileName( GetModuleHandle( NULL ), buffer, bufsize ); and trim to the last slash to maybe get where you're running from.

I don't know if maybe you're replacing a DLL that is loaded as part of a dependency of some other DLL - for which absolute names are never used, and something like 'opengl32.dll' could still be used to side-swipe code execution...
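The absolute-path approach described in the reply above, as an added example that is not part of the original thread and is not Chromium's own code. The names build_sibling_dll_path and load_dll_next_to_exe are hypothetical; the Windows-only wrapper compiles only where _WIN32 is defined.

```c
#include <stddef.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical helper: write "<directory of exe_path><dll_name>" to out.
 * Returns 0 on success, -1 if the input is rejected or does not fit. */
int build_sibling_dll_path(const wchar_t *exe_path, const wchar_t *dll_name,
                           wchar_t *out, size_t out_len)
{
    const wchar_t *last = NULL, *p;
    size_t dir_len, name_len;

    if (!exe_path || !dll_name || !out || dll_name[0] == L'\0')
        return -1;
    /* Accept a bare file name only: no separators, no drive or stream colon. */
    if (wcspbrk(dll_name, L"\\/:") != NULL)
        return -1;
    /* "Trim to the last slash": remember the final path separator. */
    for (p = exe_path; *p; ++p)
        if (*p == L'\\' || *p == L'/')
            last = p;
    if (last == NULL)
        return -1;              /* no directory part, result would be relative */
    dir_len = (size_t)(last - exe_path) + 1;          /* keep the separator */
    name_len = wcslen(dll_name);
    if (dir_len + name_len + 1 > out_len)
        return -1;              /* would truncate: fail instead */
    wmemcpy(out, exe_path, dir_len);
    wmemcpy(out + dir_len, dll_name, name_len + 1);   /* copies the NUL too */
    return 0;
}

#ifdef _WIN32
/* Hypothetical wrapper: load dll_name from the running executable's directory. */
HMODULE load_dll_next_to_exe(const wchar_t *dll_name)
{
    wchar_t exe[MAX_PATH], full[MAX_PATH];
    DWORD n = GetModuleFileNameW(NULL, exe, MAX_PATH);

    if (n == 0 || n >= MAX_PATH)
        return NULL;            /* call failed or the path was truncated */
    if (build_sibling_dll_path(exe, dll_name, full, MAX_PATH) != 0)
        return NULL;
    return LoadLibraryExW(full, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
#endif
```

An absolute path only fixes which file is opened for that one explicit load; the directory itself still has to be protected from writes, and DLLs pulled in as dependencies of other DLLs are resolved by name, as the reply notes.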

Nataraj Bukkambudi

Dec 27, 2024, 3:04:12 AM
to Chromium-discuss, J Decker, Nataraj Bukkambudi
Thank you for sharing the above useful information.
As you mentioned, yes, DLL preloading is handled in Chromium.
For the above issue, the root cause I found is that for our application we used some other name instead of chrome.exe, and that caused the above issue.
If I rename our app's exe and run it, the issue is not observed, so it requires some fix on the chrome/installer side I guess; I'm checking that.