Chrome on Windows: New security feature to detect symbolic links

IsLink function introduced for secure file handling in Chrome (Windows)

News

Reading time icon 2 min. read

Calendar icon Published on

by Claudiu Andone 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Google Chrome IsLink security feature

Microsoft is working with Google to implement a helper function called IsLink(…) for handling symbolic links in Windows for Chrome browser. This change addresses a specific security concern related to file handling during directory traversal.

When obtaining a file handle through functions like GetFile() or GetEntries() from a directory handle, there’s a risk that the file handle represents a symbolic link, also known as a symlink. Symlinks can point to paths that are potentially blocklisted or restricted. The security risk arises if the symlink file is created after permissions have already been granted to access the parent directory.

The IsLink function Implementation details for Chrome on Windows

The IsLink(…) helper function will likely check whether a given file handle corresponds to a symbolic link. By identifying symlinks, developers can take appropriate actions to prevent unintended security breaches.

This CL adds helpers IsLink(…) for symbolic link handling in the Windows to unblock https://issues.chromium.org/issues/40061477.

The necessity for the `IsLink` helper arises from a specific security concern related to file handling during directory traversal. When a file handle is obtained through `GetFile()` or `GetEntries()` from a directory handle, there’s a possibility that this file handle represents a symlink file. This symlink could potentially point to a path that is blocklisted, posing a security risk. Such a scenario might occur if the symlink file is created after permissions have been granted to access the parent directory. Although this situation cannot occur through web API and it’s only possible when it done on the local machine. However, the isuse is currently implemented on non-Windows platforms only, due to the absence of a helper on Windows to detect symlinks.

Chromium development page

So, the issue only appears in the desktop version of Chrome for Windows because on other platforms, there is a helper for symlinks.

Hopefully, the IsLink helper will be implemented soon enough for all Chromium browsers.

Do you have any security concerns about Chrome? Let’s discuss this matter in the comments section below.

More about the topics: Chrome, security

Claudiu Andone

Claudiu Andone Shield

Windows Toubleshooting Expert

Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft. His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school. With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!