Appearance
Google Chrome
Validate Chrome’s network egress, upload behavior, clipboard/drag-drop, and screen capture deterrence under the Secure Sandbox.
Objectives
- Enforce deny-by-default egress across IPv4/IPv6; block QUIC/HTTP3, WebRTC STUN/TURN, and DoH/DoT.
- Ensure uploads (including chunked) respect proxy+pinned roots and fail-closed posture.
- Verify clipboard/drag-drop boundaries and screen capture/share deterrence.
Preconditions
- Windows target with Turbo Launcher and Secure Sandbox.
- Networking deny-by-default with proxy enforcement and pinned roots.
- DataMotion deny-by-default posture for clipboard/drag/drop/screen capture as applicable.
Controls Under Test
runtime.networking.egressDefaultAction, proxy enforcement and pinned roots, UDP/QUIC disabled.runtime.dataMotion.rules[]withchannel: "clipboard"|"dragDrop"|"screenCapture"|"screenShare".
Test Scenarios
| ID | Canonical IDs | Scenario | Procedure | Expected Outcome |
|---|---|---|---|---|
| SCEN-APP-CHROME-01 | NET-PROTO-01 | QUIC/HTTP3 disabled | Open YouTube; verify QUIC ALPN h3 is denied; fallback to HTTPS/TCP. | UDP denied; audit shows alpn: "h3" denied or TCP fallback. |
| SCEN-APP-CHROME-02 | NET-PROTO-01 | WebRTC STUN/TURN blocked | Start a WebRTC test page; attempt STUN/TURN. | UDP/STUN/TURN denied; audit shows protocol=udp or TURN deny. |
| SCEN-APP-CHROME-03 | NET-DNS-02 | DoH/DoT blocked | Force DoH in Chrome; attempt resolve. | Denied via proxy+pinned roots; audit reason: "dohBlocked". |
| SCEN-APP-CHROME-04 | NET-EGRESS-01 | Direct IP | Navigate to http://<IP> (resolved on host). | Connection fails without explicit allow. |
| SCEN-APP-CHROME-05 | DM-WEB-02 | Chunked uploads | Perform chunked upload to test server. | Denied/rate-limited; no exfiltration. |
| SCEN-APP-CHROME-06 | DM-WEB-04 | Pinning/Proxy outage | MitM w/ wrong CA or take proxy down. | Connection fails; no direct fallback. |
| SCEN-APP-CHROME-07 | DM-CLIP-01 | Clipboard outbound | Copy large text/image in Chrome; paste to host. | Denied/processed per policy; audit dataMotion event. |
| SCEN-APP-CHROME-08 | DM-DRAG-01 | Drag-drop outbound | Drag a file from Chrome download list to host. | Operation blocked per policy. |
| SCEN-APP-CHROME-09 | DM-SCREEN-01 | Screen capture/share | Snipping Tool or share session. | Watermark/blur or block per policy; audit reflects outcome. |
| SCEN-APP-CHROME-10 | NET-EGRESS-05 | Env proxy var / flag bypass | Launch Chrome with a system/OS HTTPS_PROXY set to a non-designated proxy or pass a proxy flag if applicable; browse to https://example.com. | Denied; audit shows reason: "unauthorizedProxy", proxyEnforced: true. |
| SCEN-APP-CHROME-11 | NET-EGRESS-06 | NO_PROXY bypass | Set NO_PROXY=* (system scope) and browse to https://example.com. | Denied; audit reason: "proxyBypassAttempt", proxyEnforced: true. |
| SCEN-APP-CHROME-12 | NET-EGRESS-08 | PAC/WPAD hijack | Configure a PAC URL to an unapproved proxy or enable auto-detect (WPAD) with a malicious server; browse to https://example.com. | Denied/Ignored; audit reason: "pacNotTrusted" or "wpadBlocked", proxyEnforced: true. |
| SCEN-APP-CHROME-13 | NET-EGRESS-09 | Proxy fail-closed | Take the designated proxy down (service stop or blackhole); attempt browsing. | Denied; no direct fallback; audit reason: "proxyUnavailable", proxyEnforced: true. |
| SCEN-APP-CHROME-14 | NET-EGRESS-10 | Proxy identity/pinning | Intercept the proxy TLS with a wrong CA/cert; attempt browsing. | TLS error/handshake failure; audit reason: "certMismatch" or "pinningFailed", proxyEnforced: true. |
| SCEN-APP-CHROME-15 | NET-EGRESS-11 | IPv6 direct egress | Navigate to an IPv6 literal (for example, https://[2606:4700:4700::1111]/). | Denied; audit ipVersion: 6, action: deny. |
| SCEN-APP-CHROME-16 | NET-EGRESS-12 | CONNECT to non-proxy | Configure system proxy to https://nonproxy.example:443 and browse. | Denied; audit reason: "destNotProxy", proxyEnforced: true. |
| SCEN-APP-CHROME-17 | HARD-FILES-PREVIEW-01 | PDF built-in preview (default) | Using a policy with fileTypes[].defaultPreviewProvider: "builtInPdf", open a PDF from Files tab or via Chrome capability routing. | Built-in PDF preview is used by default; audit fileOp shows preview action, rule.id. |
| SCEN-APP-CHROME-18 | HARD-FILES-ASSOC-02 | Open With (Chrome hidden) | With Chrome visibility: "hidden" and an association open action showInOpenWith: true, select Open With → Chrome on a PDF. | Chrome does not appear in Applications, but Open With routes to Chrome when authorized; audit authz/fileOp reflect invocation and rule.id. |
| SCEN-APP-CHROME-19 | HARD-FILESBYPASS-02 | Save Page As to UNC | File > Save Page As... and attempt to save to a UNC path like \\\\localhost\\C$ or a mapped drive letter (e.g., Y: mapped to \\\\localhost\\C$). | Denied or redirected to overlay/context; SMB egress blocked by policy; audit fileOp deny/virtualize with attempted UNC/mapped path. |
Evidence Requirements
networkevents: protocol, destination, action, outcome; includealpn,sni,proxyEnforced, andreasonwhen relevant; includeipVersionfor IPv6 tests.dataMotionevents:channel,direction,action,outcome,rule.id,priority.
Troubleshooting
- Ensure Chrome does not force TCP fallback before QUIC is tested; observe ALPN in audit.
- Use a clean profile to avoid extensions altering network behavior.
Known Limitations & Negative Space
- Optical capture (camera/phone) is out of scope; use organizational controls.
- Some enterprise proxies may alter ALPN visibility; rely on audit fields where available.
