
EMET and Chrome

I own a copy of Malwarebytes Anti-Malware Pro, but found, in this post on Slickdeals.net, mention of software I had not heard of: Enhanced Mitigation Experience Toolkit (EMET) by Microsoft.

EMET is intriguing, because it provides an additional amount of security, including EAF, ASLR, and DEP, for apps that may not have been originally configured to take advantage of those technologies. A good write-up on setting the software up is available from TrustedSec.

Now, I am a complete novice when it comes to these security technologies, but I decided to use EMET and attempt to enable all it has to offer, because being ignorant about security technologies and using their benefits is better than just being ignorant. That said, I’ll continue to the steps I took to use Chrome alongside EMET.

Once EMET is installed and configured, it’s immediately evident that Chrome needs some additional attention (what with its constant crashing and pesky un-usable-ness).

To address that un-usable-ness, and because I have OCD, I decided to find which (if any) exceptions Chrome needs to operate without crashing. Luckily for me, it only took, like, 15 crashes to find the right exceptions. Luckily for you, here are the steps to add the Chrome executable and the right exceptions:

  1. Click ‘Apps’ from the toolbar
  2. Click ‘Add Application’ from the toolbar
  3. Browse to your Chrome executable (mine is in C:\Program Files (x86)\Google\Chrome\Application)
  4. Enable the appropriate options for chrome.exe
    • DEP, Data Execution Prevention
    • SEHOP, Structured Exception Handler Overwrite Protection
    • NullPage, Null Page pre-allocation
    • HeapSpray, Common heap spray address pre-allocation
    • EAF, Export Address Table Access Filtering
    • BottomUpASLR, Bottom-Up virtual memory randomization
  5. Disable the appropriate options for chrome.exe
    • MandatoryASLR, Enforces Address Space Layout Randomization on loaded binaries
    • LoadLib, Check and prevent LoadLibrary calls against UNC paths
    • MemProt, Special check on memory protection APIs
    • Caller, ROP mitigation that checks if critical function was called and not returned into
    • SimExecFlow, Simulate the execution flow after the return address to detect subsequent ROP gadgets
    • StackPivot, Check if stack pointer was pivoted
  6. Ignore the greyed chrome.exe, if visible
  7. Click ‘OK’ at the bottom of the screen
  8. Close (if open) and re-open Chrome
  9. Enjoy!
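
The same per-application settings can be scripted with EMET's command-line tool instead of clicked through the GUI. This PowerShell sketch is an added example, not part of the original steps. It assumes the EMET install directory shown (adjust for your version), a release of EMET_Conf.exe that accepts the `+Mitigation` / `-Mitigation` syntax, and an elevated prompt.

```powershell
# Added example: apply the Chrome settings from the steps above via EMET_Conf.
# Assumed paths; change both to match your system.
$emetConf = 'C:\Program Files (x86)\EMET 5.0\EMET_Conf.exe'   # assumed install path
$chrome   = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'

# Mitigations left on for chrome.exe (step 4)
$enable  = 'DEP', 'SEHOP', 'NullPage', 'HeapSpray', 'EAF', 'BottomUpASLR'
# Mitigations switched off for chrome.exe (step 5)
$disable = 'MandatoryASLR', 'LoadLib', 'MemProt', 'Caller', 'SimExecFlow', 'StackPivot'

# Fail early with a clear message rather than writing a rule for a bad path.
if (-not (Test-Path -LiteralPath $emetConf)) { throw "EMET_Conf.exe not found at $emetConf" }
if (-not (Test-Path -LiteralPath $chrome))   { throw "chrome.exe not found at $chrome" }

# A name listed in both arrays would produce a contradictory rule.
$overlap = $enable | Where-Object { $disable -contains $_ }
if ($overlap) { throw "Listed as both enabled and disabled: $($overlap -join ', ')" }

# Build the argument list: +Name enables a mitigation, -Name disables it.
$mitigations = @($enable  | ForEach-Object { "+$_" }) +
               @($disable | ForEach-Object { "-$_" })

# Write the rule for chrome.exe.
& $emetConf --set $chrome @mitigations
if ($LASTEXITCODE -ne 0) { throw "EMET_Conf --set exited with code $LASTEXITCODE" }

# Print the configured applications so the chrome.exe entry can be checked by eye.
& $emetConf --list
```

Moving a name from `$disable` to `$enable` and re-running the script is enough to re-test a mitigation after an EMET or Chrome update; restart Chrome afterwards, as in step 8.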

2 Comments

  1. Saint Cyrpian, June 16, 2014

    Thanks. Worked perfectly.

  2. Glenn, September 10, 2014

    MemProt, Caller, and SimExecFlow can now be enabled with EMET 4.1 & 5.0
