4.15 Beta Available (Latest Version 4.15.12)

[Curt@invincea]

Thanks to rpljhun, we finally can repro the dropped rights crash. The key is the combination of enabling dropped rights and setting UAC to "never notify". This is why it is so important to include any unusual Windows settings you are using when reporting problems.

The crash is coming from Chrome font code -- which explains the font problems user Dun is having. I have no clue as to what fonts have to do with dropped rights or UAC. But, it seems to be the same crash (or related) as reported here: https://codereview.chromium.org/390183005/

I expect it has something to do with UAC forcing everything to run elevated, and dropped rights removing admin privileges. The 2 contradict each other rather severely. Matter meets anti-matter, and you have an explosion.

FontFallbackList::determinePrimarySimpleFontData is returning NULL and Chrome crashes. This bug was reported fixed back in July. Perhaps it hasn't made it into the production code yet. At any rate, it looks like the crash is still there.

So in the meantime, reenable UAC or disable dropped rights. I highly recommend reenabling UAC.

[Curt@invincea]

Not sure why you expect DMP if it is not 'chrome has stopped working' or 'Whoa! Google Chrome has crashed'. Who the hell have UAC enabled Masochists?

I never run with UAC disabled. It forces everything to run with admin privileges. A very dangerous thing to do.

[cornflake]

Did anyone who has been following the issue with Chrome try what I said about deleting the Chrome update folder in the sandbox running it? As I mentioned I had the same problems (or maybe not the same, based on what Curt said above..) as everyone here and they went away after I did that. If Chrome is out of date it may try to update itself in the sandbox.

[Nix]

This drop rights issue more likely to occur on windows 7 when UAC is set to "Never notify"

Confirmed... Chrome with Drop rights enabled is working after enabling UAC(forgot that I disabled it the first place).

Thanks rpljhun!

[Domochevsky]

Not sure why you expect DMP if it is not 'chrome has stopped working' or 'Whoa! Google Chrome has crashed'. Who the hell have UAC enabled Masochists?

I never run with UAC disabled. It forces everything to run with admin privileges. A very dangerous thing to do.

What do you mean "forces"? Shouldn't that be exactly what "Drop Rights" prevents from happening, by stripping that token out?

[vito2]

Thanks, Dun! Thanks, rpljhun! Great news, no ff needed, I'm saved.

My plan was to run UAC disabled and rights dropped in Sandboxie. Yes, new Chromes work UAC enabled & rights dropped except Slimjet 2.0.0.1 portable which doesn't respond as sandboxed. This is a pity, Slimjet is very nice browser.

Who the hell have UAC enabled Masochists?

UAC Controller Tool v1.0 is an easy way to configure UAC. Turning UAC off requires restart, but you can switch between enable elevation without prompt for Administrators and other UAC enabled settings without restart.

[Mr.X]

Not sure why you expect DMP if it is not 'chrome has stopped working' or 'Whoa! Google Chrome has crashed'. Who the hell have UAC enabled Masochists?

I never run with UAC disabled. It forces everything to run with admin privileges. A very dangerous thing to do.

What do you mean "forces"? Shouldn't that be exactly what "Drop Rights" prevents from happening, by stripping that token out?

Curt said: "I never run with UAC disabled". If disabled, UAC actually forces or let anything to run as admin.

[Curt@invincea]

This is from Windows help regarding "Never Notify"

This is the least secure setting. When you set UAC to never notify, you open up your computer to potential security risks.
If you set UAC to never notify, you should be careful about which programs you run, because they'll have the same access to the computer as you do. This includes reading and making changes to protected system areas, your personal data, saved files, and anything else stored on the computer. Programs will also be able to communicate and transfer information to and from anything your computer connects with, including the Internet.

What this means is, if you are running as an admin, and you set UAC to "never notify", everything you run is running as high integrity (elevated). Windows is basically avoiding the UAC dialogs by letting everything run as administrator.

Here is a screenshot of a VM with UAC = "never notify"

[Bellzemos]

I have had UAC disabled on my Windows 7 machine since that day I installed Windows on it (April 2011) and never ever had a virus or any kind of malware infection. I'm using paid Sandboxie, Avast and common sense.

[Peter2150]

I run UAC disabled but I have Appguard, and NVT's ERP on duty. Just grins after reading Curts post, I set UAC back to default. System booted fine, but a lot of my startups, didn't start. Back to UAC off for me.

[Curt@invincea]

Just to summarize, Chrome is crashing in its font handling code when Sbie dropped rights is enabled and UAC disabled ("never notify"). I have no idea exactly why this causes Chrome to crash. But from looking on chromium.org, the problem may have already been fixed. For the time being, the workaround is to either enable UAC or disable dropped rights when running Chrome. We have to move on to other issues.

[Curt@invincea]

Windows 8 x64 / IE10

When launching IE sandboxed:

The instruction at 0xa9b11b4e referenced memory at 0xffffffff. The memory could not be read. Click OK to terminate the program.

followed by:

The instruction at 0xa9b16013 referenced memory at 0xcc5177d0. The memory could not be written. Click OK to terminate the program.

After reverting back to 4.14, no problems.

Problem has changed with 4.15.2 (see attachment)

After reverting to 4.14, all is well again.

This does appear to be a problem with the new hooking code. But, so far, this is the only report we have had of a crash in 4.15.2. Are you running Win 8.1 or Win 8.0? What other AV apps (anything that might inject code into the sandbox) are you running?

[Nix]

I run UAC disabled but I have Appguard, and NVT's ERP on duty. Just grins after reading Curts post, I set UAC back to default. System booted fine, but a lot of my startups, didn't start. Back to UAC off for me.

@Curt, would there be a solution with this in the upcoming updates?!.. Have the same situation as Peter2150 running appguard thats why I disabled UAC.

Nix

[RonR]

Windows 8 x64 / IE10

When launching IE sandboxed:

The instruction at 0xa9b11b4e referenced memory at 0xffffffff. The memory could not be read. Click OK to terminate the program.

followed by:

The instruction at 0xa9b16013 referenced memory at 0xcc5177d0. The memory could not be written. Click OK to terminate the program.

After reverting back to 4.14, no problems.

Problem has changed with 4.15.2 (see attachment)

After reverting to 4.14, all is well again.

This does appear to be a problem with the new hooking code. But, so far, this is the only report we have had of a crash in 4.15.2. Are you running Win 8.1 or Win 8.0? What other AV apps (anything that might inject code into the sandbox) are you running?

Running Windows 8.0 x64.

No other AV apps installed. I rely on Sandboxie and Windows Defender.

[Domochevsky]

...
Curt said: "I never run with UAC disabled". If disabled, UAC actually forces or let anything to run as admin.

No, he said "forces", not "forces or let". That's a critical difference.
As for UAC, is there a difference between "completely disabled" and "never notify"? Otherwise I suspect it just runs applications at the user's privileges that started them. (Which by default is likely administrative.)