DLL side loading security issue.

Postby joseshinoj » Mon Jul 04, 2022 4:33 am

I use libcef version 80.0.20. I noticed that the DLL loads a lot of other binaries, probably from the system32 folder. But the order of searching for these is not specified, which can be a security concern. An attacker can simulate his DLLs under these names and place them in the current folder. These will then be picked by default.
Has this issue been addressed in any of the later releases?
joseshinoj
Newbie
 
Posts: 3
Joined: Tue Sep 15, 2020 3:39 am

Re: DLL side loading security issue.

Postby magreenblatt » Mon Jul 04, 2022 5:12 am

If an attacker has write access to the local machine then they can do pretty much anything they like, including replacing libcef.dll or your exe. Chromium maintains a blocklist of DLLs that are known/likely to be problematic. Beyond that you would need to sign and verify every binary loaded by the process, and that would be extremely problematic with third-party binaries such as antivirus, device drivers, etc.
magreenblatt
Site Admin
 
Posts: 12402
Joined: Fri May 29, 2009 6:57 pm

Re: DLL side loading security issue.

Postby magreenblatt » Mon Jul 04, 2022 5:17 am

magreenblatt
Site Admin
 
Posts: 12402
Joined: Fri May 29, 2009 6:57 pm

Re: DLL side loading security issue.

Postby ndesktop » Mon Jul 04, 2022 8:55 am

Use SetDllDirectory, SetDefaultDllDirectories from the main executable to place system32 and the current directory first; also you can configure the process environment variable PATH in the same manner.
More hardcore ways would be to patch LoadLibrary (if you are on Windows) - or better yet, ntdll!LdrLoadDll - using Detours or VirtualProtect patching.
Then one can check the signature of a file (both in file and catalogue), allow only certain paths etc.
ndesktop
Master
 
Posts: 754
Joined: Thu Dec 03, 2015 10:10 am
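
An added example, not code from any poster or from CEF: one way to combine the `SetDllDirectory` / `SetDefaultDllDirectories` calls and the "allow only certain paths" check mentioned in the post above. The function names, the use of `EnumProcessModules` for the audit, and the directory paths are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h> /* EnumProcessModules; link psapi.lib on older SDKs */
#endif

static int norm(int c) { return c == '/' ? '\\' : tolower((unsigned char)c); }
/* 1 if path lies under dir: case-insensitive and only on a separator
   boundary, so "C:\Windows\System32x\a.dll" does not match System32. */
int path_in_dir(const char *path, const char *dir) {
    size_t i, n = strlen(dir);
    while (n > 0 && norm(dir[n - 1]) == '\\') n--; /* ignore trailing slash */
    if (n == 0 || strlen(path) <= n) return 0;
    for (i = 0; i < n; i++)
        if (norm(path[i]) != norm(dir[i])) return 0;
    return norm(path[n]) == '\\';
}

/* 1 if the module path is inside one of the allowed directories. */
int module_allowed(const char *path, const char *const *dirs, size_t ndirs) {
    for (size_t i = 0; i < ndirs; i++)
        if (path_in_dir(path, dirs[i])) return 1;
    return 0;
}

#ifdef _WIN32
/* Call first in main(), before libcef.dll is loaded. */
int harden_dll_search(void) {
    if (!SetDllDirectoryA("")) return 0; /* "" drops the current directory */
    return SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_APPLICATION_DIR |
                                    LOAD_LIBRARY_SEARCH_SYSTEM32) != 0;
}
/* Number of loaded modules outside the allowlist, or -1 on error. */
int count_foreign_modules(const char *const *dirs, size_t ndirs) {
    HMODULE mods[1024]; DWORD needed, i; char path[MAX_PATH]; int bad = 0;
    if (!EnumProcessModules(GetCurrentProcess(), mods, sizeof mods, &needed))
        return -1;
    for (i = 0; i < needed / sizeof(HMODULE) && i < 1024; i++)
        if (GetModuleFileNameA(mods[i], path, MAX_PATH) &&
            !module_allowed(path, dirs, ndirs)) bad++;
    return bad;
}
int main(void) { /* constructed allowlist; query the real directories in practice */
    const char *const dirs[] = {"C:\\Windows\\System32", "C:\\Program Files\\MyApp"};
    if (!harden_dll_search()) return 2;
    return count_foreign_modules(dirs, 2) != 0; /* nonzero exit: foreign module */
}
#endif
```

Imports of the .exe itself are resolved before `main()` runs, so the search-path calls only cover DLLs loaded afterwards. The signature check mentioned in the post is not shown here.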

