My thoughts on the difference between Chrome's approach to security and Edge's approach. https://medium.com/@justin.schuh/securing-browsers-through-isolation-versus-mitigation-15f0baced2c2#.snvaii5dh …
Thanks for the note! Really impressive turnaround time for such a detailed blog post. However, I have 2 issues...
1. It feels like you are ignoring or underestimating the impact of the code signing mitigation
I feel I gave full credit, but I'm also dubious long term, as full ROP compilers are already a thing (e.g. on iOS).
Code signing mitigation seems to be aimed more against faulty well-meaning 3rd party code than malware.
Guessing, but Edge CF procs have some FS access, so a shorter ROP chain to load an attacker-controlled binary.
Plausible, although if you can already call LoadLibrary with your arguments, you can also do without it.
CIG and no child proc protect against this; can't load improperly signed attacker DLL/EXE.
My point is if you already have a way to call CreateProcess or LoadLibrary, you can generally...
...execute arbitrary code without these as well, just less conveniently.