Out of curiosity, let's say I visited a site that was designed to exploit Chrome. What is the worst it could do? Install a keylogger for example?
Or would it basically be browser only?
Theoretically, it can do anything that the logged in user can do.
In practice, I haven't ever seen a successful browser exploit on Linux.
However, I have had to clean a number of mismanaged Linux servers that were infested with spam sending engines. In all cases it was due to some asshats who thought that a four character root password was really super cool...
The worst thing an exploit can do is cause the execution of commands you didn't intend to execute. But I wouldn't think it would lead to installation of a keylogger, because at that point the exploit developer could do basically anything, so there'd be no need for one.
But as people are fond of saying, that usually doesn't happen. The economics of exploit development for criminal activity are such that it makes the most sense to go from exploit to malware installation, which is going to target Windows systems for the most part. It's not that it can't be done on Linux desktops, just that there's not much economic advantage or incentive in it.
Most of the time the worst result will be that the application crashes.
Chrome's a poor example: you can do very little with a compromised Chrome due to its sandbox. An attacker who exploits Chrome is very limited.
If we talk about Firefox, then it can do anything that the logged-in user can do. It can keylog, write files anywhere that your Firefox process can write them, read any files it can read, etc. Your attacker essentially "controls" Firefox's processes and inherits those abilities.
This scenario is hard to answer, since it relies on so many different variables to give an in-depth answer. However, let us assume this is a default installation of Ubuntu being exploited.
Scenario: You're surfing the Internet with your favorite browser and you stumble upon a malicious website that is compromising browsers with a shiny new zero-day.
Cause: Assume the exploit has set the payload to download, compile and execute a bindshell. Now the bindshell is running with whatever account privileges the browser had when exploited. The attacker can now connect to you and further compromise your machine by escalating his/her privileges using whatever exploits he/she has access to.
Prevention: Using secure AppArmor profiles (not the default ones) to mitigate the damage compromised software can do would likely have prevented this from happening.
If you get creative, there is so much someone could do given your criteria. However, my given scenario would be the most common and most dangerous of them.
Even if iptables were set up to disallow all incoming connections except for related/established ones, you would still be vulnerable, because it would be trivial to modify the aforementioned program to connect to the attacker instead of waiting for a remote connection (a reverse shell). Therefore, you are literally establishing the connection to the attacker, and once he/she has completely compromised the machine by escalating his/her privileges, there is no limit to what they could do.
Last edited by KaosuX; November 4th, 2012 at 12:41 AM.
I have not reviewed this profile. I have actually taken the time to carefully create my own profiles for all of the software that I use. However, I will do a quick Google search and take a look at the suggested profile. If I find anything that can be improved, I will happily send the changes to its maintainer.
Basically an attacker would have the same access to the machine that the user does. He wouldn't have root unless he has a separate exploit that allows him to escalate (i.e. a flaw in the OS). This means, in order to get root, he would need a browser exploit and an OS exploit.
But even without root, he can initiate connections to servers and make your machine a spam bot, etc.
As was mentioned, the probability of this happening is low, especially with Google Chrome. It uses 2 separate sandboxes. While it's probably not "impossible" to break out of them (à la Pinkie Pie), it would be exceedingly difficult. You can give Firefox close to the same level of security with a strict AA profile.
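Two posts above recommend a strict AppArmor profile for Firefox rather than the stock one. The profile below is an added illustration of what "strict" means in practice; it is not the Ubuntu-shipped profile, nor the profile any poster in this thread uses. It assumes the Firefox binary lives at /usr/lib/firefox/firefox and that the user's data is under the usual @{HOME} locations; adjust both for the real install. It targets the exact payload described in the scenario (download, compile, execute): the browser may write only into its own profile directory and ~/Downloads, may not execute anything it wrote, and may not launch shells, compilers or interpreters at all.

```apparmor
# Illustrative hardened AppArmor profile for Firefox (added example; the binary
# path and home-directory layout are assumptions for a Ubuntu-style install).
#include <tunables/global>

/usr/lib/firefox/firefox {
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  # A browser has to reach the network; nothing here tries to stop that.
  network inet stream,
  network inet6 stream,
  network inet dgram,
  network inet6 dgram,

  # Its own code and data: read and mmap only, and only its helpers may be executed.
  /usr/lib/firefox/** mr,
  /usr/lib/firefox/firefox ix,
  /usr/lib/firefox/plugin-container ix,
  /usr/share/** r,
  /etc/firefox/** r,
  /etc/mime.types r,

  # Writable state is limited to the profile, its cache and the download folder.
  owner @{HOME}/.mozilla/** rwk,
  owner @{HOME}/.cache/mozilla/** rwk,
  owner @{HOME}/Downloads/** rw,

  # Credentials the user can read but the browser has no business reading.
  deny @{HOME}/.ssh/** rwklx,
  deny @{HOME}/.gnupg/** rwklx,

  # The "download, compile, execute" payload dies at the compile/execute step:
  # no shells, compilers or interpreters, and nothing downloaded may be run.
  deny /bin/** x,
  deny /usr/bin/** x,
  deny @{HOME}/Downloads/** x,
}
```

Anything not listed in a profile is already denied by AppArmor, so the explicit deny lines are not what makes the profile strict; they document the intent and, because deny rules win over allow rules, they survive a later edit or an #include that would otherwise grant the access. Put the profile under /etc/apparmor.d/, load it in complain mode first (sudo aa-complain on the profile file), use the browser normally for a day while watching for apparmor="DENIED" entries in the kernel log or /var/log/syslog, then switch to sudo aa-enforce. A profile that is too tight simply breaks the browser; one that is too loose is what the thread is warning about.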
It is not necessary to do privilege escalation via a vulnerability in the Linux kernel. There are many ways to do privilege escalation. The easier way is via sudoers.
It is not necessary that there is any vulnerability in the browser itself. The vulnerability may be coming from the website, such as XSS.
Samiux
Last edited by samiux; November 5th, 2012 at 09:38 AM. Reason: fix typo
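The point just made, that sudoers configuration is often the easier route to root than a kernel bug, is something an administrator can check for directly. The script below is an added example, not from any poster in this thread; it audits sudoers-format text for the entries that let a compromised user account become root without a second exploit (NOPASSWD: ALL, or a Defaults line that turns off authentication) and separately for entries that hand out a shell. The sample sudoers text is constructed for the example; the function names are mine.

```shell
#!/bin/sh
# Added example: find sudoers entries that turn "same access as the user" into
# root without any further exploit. Sample input is constructed, not real.

# Constructed sample in sudoers syntax.
SAMPLE_SUDOERS='# constructed sample, not a real /etc/sudoers
Defaults env_reset
Defaults:alice !authenticate
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) NOPASSWD: /usr/bin/apt-get update
carol   ALL=(ALL) /bin/sh'

# Print each non-comment line that grants passwordless, unrestricted escalation:
#   NOPASSWD: ALL              any command, no password prompt
#   Defaults ... !authenticate  the password prompt is switched off entirely
# (bob's NOPASSWD entry is not flagged: it is limited to one command.)
risky_sudoers_lines() {
    printf '%s\n' "$1" \
      | grep -v '^[[:space:]]*#' \
      | grep -E 'NOPASSWD:[[:space:]]*ALL([[:space:]]|$)|!authenticate' || true
}

# Print lines that allow a shell to be run through sudo. A password may still be
# asked for, but a keylogger in the browser process removes that barrier.
shell_sudoers_lines() {
    printf '%s\n' "$1" \
      | grep -v '^[[:space:]]*#' \
      | grep -E '(^|[[:space:],])(/bin/(ba|da)?sh|/usr/bin/(ba|da)?sh)([[:space:]]|$)' || true
}

count_lines() { grep -c . ; }   # number of non-empty lines on stdin

risky_count() { risky_sudoers_lines "$1" | count_lines; }
shell_count() { shell_sudoers_lines "$1" | count_lines; }

# Against a live system, feed /etc/sudoers and every file in /etc/sudoers.d
# (both are root-readable only), e.g.:
#   sudo sh -c 'cat /etc/sudoers /etc/sudoers.d/*' | { read -r; } 2>/dev/null
# then pass the concatenated text to risky_sudoers_lines.
risky_sudoers_lines "$SAMPLE_SUDOERS"
shell_sudoers_lines "$SAMPLE_SUDOERS"
```

On the constructed sample the first function flags alice's two lines and the second flags carol's shell entry; the %admin group keeps its password prompt and is not reported, which matches the point in the thread that root normally needs a second step rather than coming free with the browser compromise.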
The worst thing a browser exploit can do is install an addon which captures all your banking passwords and sends them to some guy in Russia who steals all your money and uses it to retire to Hawaii. That solely needs access to your account as your user ID.
I'm far more concerned about that scenario than someone using a second exploit to install a rootkit so they can use my Ubuntu box as a spam server. That's why I only log into my bank from a separate Linux box which isn't used for anything other than work and banking.