[.08] Add a phishing template for Google Chrome

Listing issues addressed in beta version 4.05
Locked
Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

[.08] Add a phishing template for Google Chrome

Post by Guest10 » Wed Aug 28, 2013 1:56 pm

Chrome should have a template for the "Safe Browsing" anti-phishing files.
------------
Note to tzuk...
The variable '%Tmpl.Chrome%' can't be used, since it points to the folder underneath "User Data":
Tmpl.Chrome=%Local AppData%\Google\Chrome\User Data\Default
------------

I would recommend that all Chrome users allow access to the Chrome "Safe Browsing" (anti-)phishing files.
And, just as the phishing template for Firefox has some security type files added to it, I have added a setting to this template to allow Chrome to update it's "Certificate Revocation Lists" file, when sandboxed.


[Template_Local_Google_Chrome_Phishing_DirectAccess]
Tmpl.Class=Local
Tmpl.Title=Allow direct access to Google Chrome phishing files
OpenFilePath=chrome.exe,%Local AppData%\Google\Chrome\User Data\Safe Browsing*
OpenFilePath=chrome.exe,%Local AppData%\Google\Chrome\User Data\Certificate Revocation Lists

(Dragon and Iron users can check to see if they have those files, and revise the template to use 'dragon.exe' or 'iron.exe' in place of 'chrome.exe')
------
The above template will allow sandboxed Chrome to keep these files updated, outside of the sandbox:
Safe Browsing Download Whitelist
Safe Browsing Extension Blacklist
Safe Browsing Bloom
Safe Browsing Bloom Prefix Set
Safe Browsing Cookies
Safe Browsing Cookies-journal
Safe Browsing Csd Whitelist
Safe Browsing Download
Certificate Revocation Lists
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Aug 28, 2013 2:02 pm

I will add this to the default settings for a new sandbox, just like Template_Firefox_Phishing_DirectAccess.

Will probably change chrome.exe to apply to a few more Chrome-based browsers that I know about.

Thanks Guest10!
tzuk

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Sep 02, 2013 9:51 am

Added in version 4.05.08 in

Sandbox Settings > Applications > Web Browser > Google Chrome
Allow direct access to Google Chrome phishing database

(Applies to chrome.exe, dragon.exe, iron.exe, opera.exe, maxthon.exe.)

The setting will only apply automatically to new sandboxes!
For existing sandboxes, it has to be enabled manually.

Thanks again!
tzuk

Locked

Who is online

Users browsing this forum: No registered users and 1 guest