Is Chrome meant to be blocking DLL injection?

[Caleb]

Within the this Chromium blog post it is stated that "In September 2018, Chrome 69 will begin blocking third-party software from injecting into Chrome processes. If this blocking prevents Chrome from starting, Chrome will restart and allow the injection, but also show a warning that guides the user to remove the software".

However I am seeing that within version "69.0.3497.100 (Official Build) (64-bit)" DLLs from 3rd party applications, i.e. non-Google and non-Microsoft, are still being injected and there is no signs of a crash and re-launch of Chrome.

Does anyone know whether the behaviour has changed since the Chromium blog I've quoted was written?

Thanks,

Caleb.

[Joe Mason]

What software are you seeing injected? There's a white-list for accessibility software (ie. input methods) and I think one other category that I've forgotten.

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

[Caleb]

Thanks Joe.

Can you point me in the direction of this white list? If it is hard coded into chrome is the list documented somewhere?

Thanks,

Caleb

[Joe Mason]

I don't think it's a fixed list, I think the type of module is detected. https://cs.chromium.org/chromium/src/chrome/browser/conflicts/module_database_win.h looks like the main entry point, and there's a separate method OnImeEnumerated that's called only for input methods. You should be able to tell how it decides what's an input method by digging around in the code starting there.