Monday, September 13, 2010

How to lock down Chrome from insecure plug-ins

Malware writers often target vulnerabilities in browser plug-ins such as Adobe Flash and Java, and undisclosed vulnerabilities and zero-day exploits against plug-ins are a common occurrence. If you use Chrome you can take advantage of the browser’s built-in PDF plug-in, plug-in blocking and sandboxing capabilities to reduce that exposure. This is what you need to do.

First, make sure you are running the latest developer build of Chrome, i.e. Chrome 7, because we are going to use some of its improved security features. (Click on the wrench icon and select ‘About Google Chrome’ to check the version number.)

Disable Adobe PDF Reader plug-in

Adobe’s PDF plug-in has been targeted by zero-day exploits twice in the last three months, and the vulnerability disclosed last week is already being exploited in the wild. To protect yourself from this exploit and from future Adobe PDF vulnerabilities, disable the Adobe Reader plug-in in your browser.

You can do this by typing chrome://plugins into Chrome’s address bar and clicking Disable next to the Adobe Reader plug-in entry.

Enable Chrome PDF plug-in

Now that the Adobe Reader plug-in is disabled you won’t be able to view PDF files within the browser. To get that functionality back, enable Chrome’s built-in PDF plug-in.

Type chrome://plugins into Chrome’s address bar (omnibox) and simply click Enable under Chrome PDF Viewer.

[Screenshot: chrome-pdf-enable]
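If you look after more than one machine, clicking through chrome://plugins on each is tedious, and it is easy to end up with Adobe Reader still on or the Chrome PDF Viewer still off. The script below is an added example, not code from the original post or from Google: it reads a profile’s Preferences file and reports any plug-in whose state differs from the two steps above. It assumes (not verified here) that Chrome 7-era profiles store plug-in state in the Preferences JSON under "plugins" -> "plugins_list", one object per plug-in with "name", "path" and "enabled" keys, and that the Adobe plug-in reports a name starting with "Adobe Acrobat" or "Adobe Reader"; the profile paths and the sample Preferences fragment are likewise assumed or constructed.

```python
"""Audit a Chrome profile's plug-in state against the post's recommendations.

Added example, not code from the original post. It assumes (not verified
here) that Chrome 7-era profiles store plug-in state in the Preferences JSON
file under "plugins" -> "plugins_list", one object per plug-in with "name",
"path" and "enabled" keys. Plug-in display names are also assumed; adjust the
prefixes below if your platform reports different ones.
"""
import json
import os
import sys

# (label, name prefixes to match, should it be enabled?)
# Rule from the post: Adobe Reader off, built-in Chrome PDF Viewer on.
DESIRED_STATE = [
    ("Adobe Reader", ("Adobe Acrobat", "Adobe Reader"), False),
    ("Chrome PDF Viewer", ("Chrome PDF Viewer",), True),
]

# Constructed sample Preferences fragment in the assumed layout: the state a
# fresh install is in before following the post (Adobe on, Chrome PDF off).
SAMPLE_PREFERENCES = json.dumps({
    "plugins": {
        "plugins_list": [
            {"name": "Adobe Acrobat", "path": "nppdf32.dll", "enabled": True},
            {"name": "Chrome PDF Viewer", "path": "internal-pdf-viewer", "enabled": False},
            {"name": "Shockwave Flash", "path": "NPSWF32.dll", "enabled": True},
        ]
    }
})


def load_plugin_list(prefs_json):
    """Return the plug-in entries from a Preferences JSON string ([] if absent)."""
    prefs = json.loads(prefs_json)
    return prefs.get("plugins", {}).get("plugins_list", [])


def audit_plugins(prefs_json, desired=DESIRED_STATE):
    """Compare each plug-in's enabled flag with the desired state.

    Returns a list of (label, expected, actual) tuples for mismatches.
    actual is None when no matching plug-in is installed: that is fine for a
    plug-in we want disabled, but a finding for one we want enabled.
    """
    entries = load_plugin_list(prefs_json)
    findings = []
    for label, prefixes, expected in desired:
        actual = None
        for entry in entries:
            if entry.get("name", "").startswith(prefixes):
                # A missing "enabled" key is treated as enabled (assumed default).
                actual = bool(entry.get("enabled", True))
                break
        if actual is None and not expected:
            continue  # not installed at all: nothing to disable
        if actual != expected:
            findings.append((label, expected, actual))
    return findings


def default_preferences_path():
    """Best-effort location of the default profile's Preferences file (assumed paths)."""
    home = os.path.expanduser("~")
    candidates = [
        os.path.join(home, ".config", "google-chrome", "Default", "Preferences"),
        os.path.join(home, "Library", "Application Support", "Google", "Chrome",
                     "Default", "Preferences"),
        os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                     "User Data", "Default", "Preferences"),
    ]
    return next((p for p in candidates if os.path.isfile(p)), None)


def main(argv):
    """Audit the file given on the command line, the default profile, or the sample."""
    path = argv[1] if len(argv) > 1 else default_preferences_path()
    if path:
        with open(path, encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PREFERENCES
        print("No Preferences file found; auditing the constructed sample.")
    findings = audit_plugins(data)
    for label, expected, actual in findings:
        state = {True: "enabled", False: "disabled", None: "not installed"}[actual]
        print(f"FAIL: {label} is {state}, should be {'enabled' if expected else 'disabled'}")
    if not findings:
        print("OK: plug-in state matches the recommendations")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to a Preferences file as the only argument, or with no arguments to let it look in the usual profile locations; the non-zero exit status makes it easy to wire into whatever checks you already run against user machines. Chrome rewrites Preferences while it is running, so read a copy taken after the browser has been closed if you want the state to be trustworthy.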

Allow only sandboxed plug-ins to run

Click on the wrench icon in Chrome and click on Options. Select the tab “Under the hood” and click on Content Settings.

Highlight Plug-ins. Choose the middle option – “Allow only sandboxed plugins”.

[Screenshot: chrome-sandboxed-plugin]

Once this option is turned on, any embedded object that requires a plug-in to run is replaced with a plug-in placeholder icon; click the icon to run the plug-in for that object. An info bar also appears at the top of the page offering to whitelist the domain so its plug-ins are no longer blocked.

You can test this feature by visiting any YouTube page.

[Screenshot: chrome-plugin-block]

There you have it, a built-in Flash blocker.

Get warned of out-of-date plug-ins

Periodically visit the chrome://plugins page and check the list of installed plug-ins. Chrome shows a warning next to any plug-in for which a newer version is available for download.

[Screenshot: chrome-plugin-warnings]

Alternatively, install the Secbrowsing extension to get automatic alerts about out-of-date and vulnerable plug-ins.

[Screenshot: chrome-secbrowsing]
