The "Chrome Security Auditor" isn t a standalone product, but rather The "Chrome Security Auditor" isn't a standalone product, but rather the comprehensive security auditing capabilities embedded within **Chrome's Developer Tools**.
It's an essential resource for web developers to identify and rectify common web security vulnerabilities. Key features include:
* **Security Panel:** Inspects TLS/SSL certificate details, highlights insecure origins, and detects mixed content (HTTP on HTTPS).
* **Network Panel:** Allows examination of critical security headers (e.g., Content-Security-Policy, HSTS, X-Frame-Options).
* **Console:** Reports real-time security warnings and Content Security Policy violations.
* **Lighthouse:** Provides automated audits for security best practices, like HTTPS enforcement.
This collective functionality empowers developers to build and maintain more secure, privacy-respecting websites.
=============================================================================================================================================
| # Title : Chrome 142.0.7444.176 (Official Build) (64-bit) Security Auditor - Comprehensive Browser Security Assessment Tool |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.1 (64 bits) |
| # Vendor : https://www.google.com/chrome/ |
=============================================================================================================================================
POC :
[+] References : https://packetstorm.news/files/id/189250/
[+] Summary :
Chrome Security Auditor is a comprehensive PHP-based security assessment tool designed to perform in-depth security analysis of Google Chrome browser installations on Linux systems.
The tool conducts multiple security tests including memory analysis, binary examination, system security settings verification, and vulnerability assessment.
[+] POC : php poc.php
<?php
/**
* Chrome Security Auditor - PHP Version
* ???? ??? ???? ????? Chrome ?????? PHP
*
* @author indoushka
* @version 1.0
*/
class ChromeSecurityAuditor {
private $chromePaths = [
'/usr/bin/google-chrome',
'/usr/bin/chromium',
'/usr/bin/chromium-browser',
'/snap/bin/chromium',
'/opt/google/chrome/chrome'
];
private $testResults = [];
private $debugMode = false;
public function __construct($debug = false) {
$this->debugMode = $debug;
$this->log("??? ???? ??? ???? Chrome");
}
/**
* ????? ??????? ?? ?????? ??????
*/
private function log($message, $type = "INFO") {
$timestamp = date('Y-m-d H:i:s');
$formattedMessage = "[$timestamp] [$type] $message\n";
if ($type === 'ERROR') {
file_put_contents('php://stderr', $formattedMessage);
} else {
echo $formattedMessage;
}
}
/**
* ????? ????? ?????? ?????
*/
private function executeCommand($command, $timeout = 30) {
$this->log("????? ?????: $command", "DEBUG");
$output = [];
$returnCode = 0;
$descriptors = [
0 => ['pipe', 'r'], // stdin
1 => ['pipe', 'w'], // stdout
2 => ['pipe', 'w'] // stderr
];
$process = proc_open($command . ' 2>&1', $descriptors, $pipes);
if (is_resource($process)) {
// ????? stdin
fclose($pipes[0]);
// ????? stdout
$stdout = stream_get_contents($pipes[1]);
fclose($pipes[1]);
// ????? stderr
$stderr = stream_get_contents($pipes[2]);
fclose($pipes[2]);
$returnCode = proc_close($process);
$result = [
'stdout' => trim($stdout),
'stderr' => trim($stderr),
'return_code' => $returnCode
];
$this->testResults[] = [
'command' => $command,
'result' => $result
];
return $result;
}
return ['stdout' => '', 'stderr' => 'Failed to execute command', 'return_code' => -1];
}
/**
* ?????? ?? ????? Chrome
*/
public function checkChromeInstalled() {
$this->log("?????? ?? ????? Google Chrome...");
foreach ($this->chromePaths as $path) {
if (file_exists($path) && is_executable($path)) {
$this->log("?? ?????? ??? Chrome ??: $path", "SUCCESS");
return $path;
}
}
$this->log("?? ??? ?????? ??? Chrome ?? ???????? ????????", "ERROR");
return false;
}
/**
* ?????? ??????? ASLR
*/
public function testASLR() {
$this->log("?????? ??????? ASLR...");
$result = $this->executeCommand('cat /proc/sys/kernel/randomize_va_space');
if ($result['return_code'] === 0) {
$aslrValue = trim($result['stdout']);
$this->log("????? ASLR ??????: $aslrValue");
switch ($aslrValue) {
case '0':
$this->log("ASLR ???? - ??? ????!", "ERROR");
break;
case '1':
$this->log("ASLR ???? ??????", "WARNING");
break;
case '2':
$this->log("ASLR ???? ???????", "SUCCESS");
break;
default:
$this->log("???? ASLR ??? ??????: $aslrValue", "WARNING");
}
return $aslrValue;
}
$this->log("??? ?? ????? ??????? ASLR", "ERROR");
return false;
}
/**
* ?????? ??????? DEP/NX
*/
public function testDEP() {
$this->log("?????? ??????? DEP/NX...");
$result = $this->executeCommand('grep -i nx /proc/cpuinfo | head -5');
if ($result['return_code'] === 0 && !empty($result['stdout'])) {
$this->log("??????? ???? ????? NX", "SUCCESS");
$this->log("?????? NX: " . $result['stdout']);
return true;
}
$this->log("??????? ?? ???? NX ?? ?? ???? ??????", "WARNING");
return false;
}
/**
* ??? ??????? ???????? Valgrind
*/
public function runValgrindCheck($chromePath) {
$this->log("??? ??? ??????? ???????? Valgrind...");
// ?????? ?? ????? Valgrind
$valgrindCheck = $this->executeCommand('which valgrind');
if ($valgrindCheck['return_code'] !== 0) {
$this->log("Valgrind ??? ????", "ERROR");
return false;
}
$command = "timeout 30 valgrind --leak-check=summary " .
escapeshellarg($chromePath) .
" --headless --disable-gpu --no-sandbox --disable-extensions --no-first-run --disable-features=VizDisplayCompositor";
$result = $this->executeCommand($command);
if (strpos($result['stdout'], 'ERROR SUMMARY') !== false) {
preg_match('/ERROR SUMMARY:\s*(\d+)/', $result['stdout'], $matches);
$errors = $matches[1] ?? 'unknown';
$this->log("??? ??????? ?? ???????: $errors", $errors > 0 ? "WARNING" : "SUCCESS");
}
return $result;
}
/**
* ????? ????? ???????
*/
public function analyzeBinary($chromePath) {
$this->log("????? ????? ??????? ?? Chrome...");
$checks = [
'file_type' => 'file ' . escapeshellarg($chromePath),
'security_checks' => 'checksec --file=' . escapeshellarg($chromePath) . ' 2>/dev/null || echo "checksec not available"',
'symbols' => 'nm ' . escapeshellarg($chromePath) . ' | head -20',
'strings_analysis' => 'strings ' . escapeshellarg($chromePath) . ' | head -30'
];
foreach ($checks as $checkName => $command) {
$this->log("????? ???: $checkName");
$result = $this->executeCommand($command);
if ($result['return_code'] === 0) {
$this->log("????? $checkName: " . substr($result['stdout'], 0, 200) . "...");
}
}
}
/**
* ?????? ?????? ??????
*/
public function testDangerousInputs($chromePath) {
$this->log("?????? ???????? ??????...");
$testCases = [
'buffer_overflow' => str_repeat('A', 10000),
'format_string' => '%s%s%s%s%s%s%s%s',
'special_chars' => '../../../../etc/passwd',
'long_path' => str_repeat('/a', 500)
];
foreach ($testCases as $testName => $testInput) {
$this->log("??????: $testName");
$tempFile = tempnam(sys_get_temp_dir(), 'chrome_test_');
file_put_contents($tempFile, $testInput);
$command = 'timeout 5 ' . escapeshellarg($chromePath) .
' --headless --disable-gpu --no-sandbox ' .
escapeshellarg($tempFile);
$result = $this->executeCommand($command);
if ($result['return_code'] !== 0 && $result['return_code'] !== 124) {
$this->log("?????? $testName ???? ?? ???? ??? ?????", "WARNING");
}
unlink($tempFile);
}
}
/**
* ??? ?????? ???????
*/
public function checkFilePermissions($chromePath) {
$this->log("??? ?????? ??? Chrome...");
$permissions = fileperms($chromePath);
$owner = fileowner($chromePath);
$group = filegroup($chromePath);
$this->log("?????? ?????: " . substr(sprintf('%o', $permissions), -4));
$this->log("???? ?????: " . posix_getpwuid($owner)['name']);
$this->log("?????? ?????: " . posix_getgrpid($group)['name']);
// ?????? ?? ?? ????? ?? ???? ?????? ?? ??? ???????
if ($permissions & 0x0002) {
$this->log("?????: ????? ???? ??????? ?? ??? ???????!", "ERROR");
return false;
}
$this->log("?????? ????? ????", "SUCCESS");
return true;
}
/**
* ??? ???? ??????
*/
public function runComprehensiveSecurityScan() {
$this->log("??? ????? ?????? ??????...");
$chromePath = $this->checkChromeInstalled();
if (!$chromePath) {
$this->log("?? ???? ???????? ???? ????? Chrome", "ERROR");
return false;
}
$tests = [
'ASLR Test' => fn() => $this->testASLR(),
'DEP Test' => fn() => $this->testDEP(),
'File Permissions' => fn() => $this->checkFilePermissions($chromePath),
'Binary Analysis' => fn() => $this->analyzeBinary($chromePath),
'Memory Check' => fn() => $this->runValgrindCheck($chromePath),
'Input Testing' => fn() => $this->testDangerousInputs($chromePath)
];
$results = [];
foreach ($tests as $testName => $testFunction) {
$this->log("????: $testName");
try {
$results[$testName] = $testFunction();
} catch (Exception $e) {
$this->log("??? ????????: $testName - " . $e->getMessage(), "ERROR");
$results[$testName] = false;
}
}
return $results;
}
/**
* ????? ????? ????
*/
public function generateReport() {
$this->log("????? ??????? ???????...");
$report = [
'timestamp' => date('Y-m-d H:i:s'),
'system_info' => [
'php_version' => PHP_VERSION,
'os' => php_uname('s'),
'hostname' => php_uname('n')
],
'test_results' => $this->testResults
];
$reportFile = 'chrome_security_audit_' . date('Ymd_His') . '.json';
file_put_contents($reportFile, json_encode($report, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
$this->log("?? ??? ??????? ??: $reportFile", "SUCCESS");
return $reportFile;
}
/**
* ??? ???????
*/
public function displayResults() {
$this->log("??? ??????? ????????...");
$successCount = 0;
$warningCount = 0;
$errorCount = 0;
foreach ($this->testResults as $result) {
if ($result['result']['return_code'] === 0) {
$successCount++;
} elseif (!empty($result['result']['stderr'])) {
$errorCount++;
} else {
$warningCount++;
}
}
$this->log("??????? ????????:");
$this->log("?????????? ???????: $successCount", "SUCCESS");
$this->log("?????????: $warningCount", "WARNING");
$this->log("???????: $errorCount", "ERROR");
}
}
// ??????? ???????
if (php_sapi_name() === 'cli') {
echo "========================================\n";
echo " Chrome Security Auditor - PHP\n";
echo " ???? ??? ???? ????? Chrome\n";
echo "========================================\n\n";
$debug = in_array('--debug', $argv) || in_array('-d', $argv);
$help = in_array('--help', $argv) || in_array('-h', $argv);
if ($help) {
echo "?????????:\n";
echo " php chrome_auditor.php [OPTIONS]\n\n";
echo "????????:\n";
echo " --debug, -d ????? ??? ???????\n";
echo " --help, -h ??? ??? ????????\n";
echo " --report, -r ????? ????? ????\n";
exit(0);
}
try {
$auditor = new ChromeSecurityAuditor($debug);
$results = $auditor->runComprehensiveSecurityScan();
if ($results) {
$auditor->displayResults();
if (in_array('--report', $argv) || in_array('-r', $argv)) {
$reportFile = $auditor->generateReport();
echo "?? ????? ???????: $reportFile\n";
}
} else {
echo "??? ????? ??????\n";
exit(1);
}
} catch (Exception $e) {
echo "???: " . $e->getMessage() . "\n";
exit(1);
}
} else {
echo "??? ???????? ???? ??????? ?? ??? ??????? ???\n";
exit(1);
}
?>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================