Jump to content

[SOLVED] False exploit stopped Google Chrome from opening


droyls
 Share

Recommended Posts

I have been using Malwarebytes Anti-Exploit for some time and have the latest beta version installed but today encountered a strange problem which stopped me from launching Google Chrome because Anti-Exploit posted a pop-up box advising "An exploit code has been blocked in Google Chrome".

 

This initially occurred when I opened a sales link in an e-mail and then occurred each time I tried to relaunch Google Chrome (without restoring the problem page), i.e. just opening my own home page and still happened after cleaning out all the cache etc for Chrome using Piriform's CCleaner utility.

 

Whilst the problem was present, I could open the exact same web pages in Internet Explorer 11 without problem and Anti-Exploit was silent!

 

This problem only stopped after I shutdown and restarted my computer.

 

The attached mbae log shows the following entry for each exploit code given:

Alert MessageBox from (11688)Google Chrome  

(where the numbers change for each time Chrome is relaunched).

 

I am running Windows 7 32bit fully up to date with all available security fixes etc.

 

Thanks, Steve

 

mbae-default.log

Link to post
Share on other sites

  • Staff

Welcome to the forum droyls and thanks for reporting.

 

We believe this is a problem with one of the current memory protection techniques. We have already fixed this in the next version 0.09.5 which we are finishing as we speak (type).

 

If you are willing in a couple of days max I can send you an alpha build to verify that the issue is fixed.

Link to post
Share on other sites

Hi Pedro, thank you for your very prompt response - I would be happy to try your alpha build when available though cannot guarantee that I will see the same problem again.  I have been using MBAE since July and use Chrome as my default browser without having seen this issue before today, so seems doubtful it will show the problem that easily!  Steve

Link to post
Share on other sites

  • Staff

In the meantime you might want to check some of the errors showing in your logs, for example do a scandisk + repair of your drive just in case:

26/11/2013 22:50:30, Error: bowser [8003]  - The master browser has received a server announcement from the computer NC10 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7537DE8B-1405-4962-BF62-0C2B65CF8975}. The master browser is stopping or an election is being forced.03/12/2013 15:39:31, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.03/12/2013 15:39:31, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.03/12/2013 15:37:07, Error: Ntfs [137]  - The default transaction resource manager on volume ComodoEvdd encountered a non-retryable error and could not start.  The data contains the error code.03/12/2013 15:36:51, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.03/12/2013 15:36:06, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.03/12/2013 15:36:04, Error: volmgr [46]  - Crash dump initialization failed!

Also there seems to be something with chrome. Try closing MBAE and rebooting a couple of times to let chrome finish doing its thing (and/or reinstall chrome):

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Link to post
Share on other sites

  • Staff

We are aware of the issues with Chrome and have changed the memory protection technique in order to be more Chrome-friendly. The fix will be included in the next beta version 0.09.5 which we are about to release. I'll send previews of the 0.09.5 to the people to have posted here so that you may test the new version earlier to verify that the fix works correctly with Chrome.

Link to post
Share on other sites

  • 1 month later...

Running Win 7 (32bit), Google Chrome does not like MBAE with EMET 4.1 SEHOP, EAF or ROP mitigations enabled.  It is fine with Deep Hooks enabled.  When running Chrome with MBAE under Win XP SP3 (32bit), it is able to run with SEHOP mitigation enabled.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.