Who changed my browser settings? Silently modifying the Secure Preferences of Chrome
Master's thesis
Google Chrome is as of today the most used web browser in the world. With millions of daily users, the security of the browser is of high importance. When using Google Chrome, each user obtains a couple of configuration files for storing information such as bookmarks, browser history, homepage and a multitude of other settings. One of these files is the Secure Preferences file, in which some of the browser's most sensitive settings are stored. In order to protect these settings, Chrome has added custom Hash-based Message Authentication Codes (HMACs) that are used to ensure that no settings are silently modified by third parties. This thesis describes how this security can be circumvented and implements a versatile script, for Windows, that is able to alter all the information stored in Secure Preferences without alerting the browser. This thesis also describes the steps taken in order to reproduce the hashing mechanism of Chrome as well as how different preferences can be exploited. An extension is developed which makes it possible to run the script from the Chrome browser. The script is then evaluated together with the extension by checking both the correctness of the HMAC calculation and how well it is able to perform a variety of exploits. This thesis proves that it is indeed possible to break the security of the Secure Preferences file by reproducing and replacing the HMACs, which gives the user of the script the possibility to alter frequently used functions in Chrome such as homepage, new tabs, extensions and default search engine.
Computer, science, computer science, engineering, project, thesis, Google Chrome, preferences, secure preferences