Malware techiques via Linux Chrome and its effects, non-root
Is it possible to visit a website with Chrome on Ubuntu and have that site execute shell code on my machine without explicitly downloading anything nor click on some Chrome execute question/popup? If so, can you explain using a specific example?
I read a few nice articles:
- https://askubuntu.com/questions/956494/can-i-get-a-virus-just-by-visiting-a-web-site-on-google-chrome-on-ubuntu-16-04?newreg=744b6041774a4a9794e161e6256c8e36
- Ubuntu article
- Can you get virus just by visiting a website in Chrome?
I also read articles of how Linux defaults to non-root / non-admin privileges and its benefits. But isn't that pointless if I'm concerned about a malicious user seeing my personal data in my home dir? ($HOME/*)
What I want protection from:
- Not able to retrieve my files under $HOME
- Not able to identify key strokes / key logger while using a different Chrome tab, or using any of my Ubuntu apps like /usr/bin/ssh
I believe at least once Chrome's sandbox has been broken. I'm not sure exactly what that then implies.
The above Ubuntu post says Chrome's sandboxing "prevents your system from automatically executing bad code onto your system." Does he mean that if Chrome's sandbox is bypassed, the malicious user can still save a file in, for example, my ~/Downloads dir? Furthermore is he saying that, because Chrome is smart enough, Chrome itself will never try to execute a binary/bash script on its own?
These posts are nice but I'm trying to understand the mechanics behind the scenes, and a very specific example would help clear that up for me.
Thank you.
