Google Chrootme

2009 November 10
by Ilya

I wonder what may explain Google Chrome behaves like a rootkit. Why on Earth a web browser need to mess-up with NtOpenProcessToken, NtOpenThreadTokenEx and stuff like that?

Google Chrome is rootkiting

Reddit this / Add to del.icio.us / Digg this!

from → boo, security, technology

3 Comments leave one →
2009 December 11
Roberto permalink

Might it be because of the rivalry between Google and Microsoft? Actually, “…some software may use rootkit techniques to hide from third-party scanners to detect tampering or attempted breakins…” (cited from Wikipedia).

2010 February 15
glysbaysb permalink

More probaly to defend itself from banking trojans.
Most of these inject Parts of there own code into the browser to hijack data. This can be avoided by hooking these

2010 July 1
Myron permalink

Google Chrome runs in multiple processes. If I understand it correctly, it has a main process and then each tab in the browser is running in a seperate process. This means there needs to be some IPC mechanisms setup between the processes. This is probably why it is touching some Kernel APIs.

Leave A Comment

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS