Chrome and EMET

A week or two ago, Chrome quit working–I would launch it, and EMET would give me a message that it detected Caller Mitigation. It turns out that particular setting isn’t compatible with Chrome 35 and up.

The fix is easy. Launch EMET, click “Apps,” scroll down to Chrome, and uncheck the 10th item from the left.

Google doesn’t recommend EMET because Chrome already does most of the things that EMET forces, and the EMET mitigations that Chrome lacks can be bypassed. To me, that doesn’t make them worthless. It filters out the unsophisticated attackers. And if you make the advanced adversary make the attack more complex, there’s a greater chance of being caught. Security isn’t about preventing everything–you can’t–but you can raise the stakes.

That’s why I disabled Caller Mitigation and keep EMET enabled on Chrome.exe.

I also saw this week that Google is working on a 64-bit version of Chrome for Windows. Finally! Once it comes out of beta, that’s something I’ll be installing. That may be what makes me change allegiances from Firefox.

3 thoughts on “Chrome and EMET

  • June 6, 2014 at 8:34 am
    Permalink

    Google is entirely too interested in sticking its nose into my personal privacy. I would rather switch to IE (yes, IE) than install chrome on any computer i use or maintain.

  • June 8, 2014 at 7:17 pm
    Permalink

    Security is absolutely not just about prevention, much more important is it is about making certain they leave a trace of what they did and where they went. among other things that especially means you have hidden log files that track eveything, IN ADDITION to the obvious ones that leave so they can erase their activity.

    • June 8, 2014 at 11:02 pm
      Permalink

      But prevention plays a role in that. By preventing the simple attacks, you force the attacker to raise the stakes and burn a more sophisticated attack, which is more likely to leave traces in various logs as it takes place.

      We’ve also found that preventing the simple attacks gives our incident response team more time to find and deal with the bigger threats, which is good. Prevention helps reduce the noise, and a large company needs that.

Comments are closed.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux