system
11
I can confirm your findings (XP SP3, no kernel access from PH). Could you try to inject the DLL in SafeBrowser child processes, instead of the parent one? (If you haven’t tried already.)
I found that it’s not possible to inject in child processes, only in the parent one. I could be mistaken, but Chrome is probably built so that child processes are the ones dealing with web content/information sending/processing, so it’s being protected from DLL injection (or sniffing from parent) so there’s no direct danger from information sniffing that way. But that still leaves that it’s possible to “remotely” (tentative name, since it’s not really “remote”) execute code in SafeZone from the host PC (which is infected) which could sniff out info… in some alternate manner.
Would be nice to hear from devs about this.