Email link to web site seemed to break out of sandbox #3885

Open
JimCarls opened this issue May 10, 2024 · 2 comments
Labels
Confirmation pending Further confirmation is requested

JimCarls commented May 10, 2024

Describe what you noticed and did

I received a marketing email that looked legitimate (and I believe, still was) with a link to the company's website. However, the link was so long that I decided to be careful and opened up a sandboxed copy of Chrome.

When I pasted the link and pressed [Enter], Chrome seemed to work as expected. However, shortly after the website appeared, the window's content blanked. I then received a message about Chrome abending, and did I want to reload the web pages. When I confirmed, the website displayed, but it appeared to be in the unsandboxed browser (no telltale yellow rectangle around the window). Nothing negative happened after that, although the website had some peculiar formatting issues.

I attempted to reproduce this today, using Chrome (which, regrettably, updated itself when I opened it). I had problems with getting any response, but then noticed that DuckDuckGo was prefixing the link as a search term. When I removed that, I was able to access the site, but no crash occurred.

I'm posting this simply because I wasn't sure about the result—especially because the prompts led me to re-opening the site in what appeared to be an unprotected Chrome session. Thanks.

Here is the link I pasted into the sandboxed Chrome:

https://d2wxm604.na1.hubspotlinks.com/Ctc/W+113/d2wxM604/VVnVzV7kN2D3W3RDgjL4p-XZlW24t7JB5dTRwvN1sYgXW5n4LbW50kH_H6lZ3pZW3x8YGz8kJxfmVxmLpt6GVk51W1FN7k23W-qp2W6y-LmJ101zYrW76QGNh7jRRnRW7Q1KXg72Bn1-W6XhrWp98K5plW1QWs2B7RbpypW42nZsj3d1vxCW8bctGK3VYn8WW3dsmJg5vVqHDW3q7smr3fSQVYN1VJSYVHHjlHVZhcVW5NnQXhW6Vw_4z6gCkWTW6M5jpK198_v4W30LwSX66cQ8GW7ZQwJt7DlnF-W69vT5C1wK6yBW9bTxtV8kFLQBW43f1Y_7BZc6XW8_TX_N7KDzlxW50pRyg3GC6wXV_WSH25bKnBSW4h3nqy7ZsJdMW36gwZb6c_9_RW4HNnGp88Rt8yW3DD73-4M_8-PW7PnZsm1xdfg9W31xl_Z1q9_9KW8bynDc96CStfW5Dv7X73h_7vkf4Wjd6d04

How often did you encounter it so far?

Just once (see the context of my description).

Expected behavior

I expected to see whatever the website would display within the sandbox—that is, either a legitimate website or a malignant operation from which Sandboxie protected my computer.

Affected program

Chrome Version 124.0.6367.201

Download link

Not relevant

Where is the program located?

The program is installed both inside and outside the sandbox.

Did the program or any related process close unexpectedly?

Yes, it did, but no .dmp file has been created in the system.

Crash dump

No response

What version of Sandboxie are you running now?

Sandboxie Plus 1.13.7

Is it a new installation of Sandboxie?

I have been using the same version for some time.

Is it a regression from previous versions?

No response

In which sandbox type do you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 10 Home 19045.4291

In which Windows account do you have this problem?

A local account (Administrator).

Please mention any installed security software

Microsoft Defender

Did you previously enable some security policy settings outside Sandboxie?

None that I know of.

Trace log

No response

Sandboxie.ini configuration

[GlobalSettings]

Template=RpcPortBindings
Template=7zipShellEx
Template=OfficeClickToRun
Template=AdobeDistiller
Template=WacomTablet
Template=WindowsRasMan
Template=Pdf995
Template=WindowsLive
Template=nVidia_Stereoscopic3D
TemplateReject=OfficeLicensing
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
SeparateUserFolders=y
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
EditAdminOnly=n
ForceDisableAdminOnly=n
ForgetPassword=n
NetworkEnableWFP=n
EnableObjectFiltering=n
EnableWin32kHooks=y

[DefaultBox]

ConfigLevel=10
AutoRecover=y
Template=OpenSmartCard
Template=OpenBluetooth
Template=FileCopy
Template=SkipHook
Template=Thunderbird
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Enabled=y
AutoDelete=y
NeverDelete=n
CopyLimitKb=253962

[UserSettings_05000141]

SbieCtrl_UserName=jim
SbieCtrl_NextUpdateCheck=1617743573
SbieCtrl_UpdateCheckNotify=n
SbieCtrl_ShowWelcome=n
SbieCtrl_WindowCoords=809,48,1024,661
SbieCtrl_ActiveView=40021
SbieCtrl_AutoApplySettings=n
SbieCtrl_ProcessViewColumnWidths=250,70,300
SbieCtrl_HideWindowNotify=n
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
SbieCtrl_BoxExpandedView=DefaultBox
SbieCtrl_EnableAutoStart=y
BoxGrouping=:DefaultBox,MSDOS_Box

[UserSettings]

SbieCtrl_AutoStartAgent=SandMan.exe
AutoRecover=n
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
ConfigLevel=10

[MSDOS_Box]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#02f6f6,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
@JimCarls JimCarls added the Confirmation pending Further confirmation is requested label May 10, 2024
Collaborator

offhub commented May 10, 2024

If the colored border is not visible, you can identify sandboxed windows using the Sandbox > Is Window Sandboxed command.

To use the command, click and hold the left mouse button on the Finder Tool, that is, the icon of a target within a window. Without releasing the left mouse button, drag the target over the desired window, and when the target is within the boundaries of the desired window, release the left mouse button.
If the window is owned by a sandboxed program, Sandboxie will display the program name and sandbox name.

@bastik-1001
Contributor

Google warned that there is a vulnerability that is being exploited in the wild. The version your Chrome updated to contains the fix.
