Google announced in November last year that they planned to make changes to Chrome to improve the stability of their browser, specifically by blocking third-party applications from injecting code into Chrome’s processes [1]. In July, with the release of Chrome 68, they will start to enforce this.
While the logic behind this is understandable, it does come with some less-than-desirable side effects that will affect data loss prevention (DLP) software providers, including McAfee®.
As part of our endpoint DLP product we offer Web Protection rules that can inspect both file and web form data (text) uploads to websites and optionally prevent a potential data breach by blocking the upload. However, this is only possible by injecting code into the browser, which is exactly what Google will be preventing.
Google states in the article that Chrome extensions are a modern alternative to running code inside of Chrome processes. Unfortunately, this approach is not ideal for DLP vendors because Chrome extensions are asynchronous, meaning that the extension is notified of the upload after it has occurred. As a result, DLP products are not able to block sensitive data per policy in such a scenario. McAfee has formally requested that a suitable API be added to Chrome to allow blocking via extensions, but to date we have not received a confirmed response.
While our endpoint DLP product will only be able to monitor and alert on file or text uploads via the Web Protection rule with the release of Chrome 68, the good news is that there are other ways in which potential data breaches via uploads can be blocked or rapidly remediated:
- McAfee’s endpoint DLP product offers Cloud Protection rules to monitor the local sync folder created by installing the sync agents included with Microsoft’s OneDrive, Google’s Drive (Backup and Sync) and other file sync and share apps
- McAfee’s Network DLP Prevent product monitors web and email traffic at the network level and can block file uploads
- McAfee’s Skyhigh Security Cloud product scans a variety of cloud file sync and share collaboration apps for sensitive files and offers remediation options such as quarantining or deleting the sensitive file
- McAfee’s Network DLP Discover product can scan Microsoft SharePoint and file server shares for sensitive files with remediation options similar to those found in McAfee’s Skyhigh Security Cloud
- McAfee’s Web Gateway product can be used to simply block access to sites with poor reputations or sites that do not fall into typical work/business categories
- McAfee’s Web Gateway Cloud Services can be used in conjunction with McAfee Client Proxy to redirect corporate laptop traffic to our scanning service when the device is not connected to the corporate network
McAfee will continue to review Chrome’s architecture for changes that will enable us to offer blocking capability once more via our endpoint DLP product and will provide an update if this becomes possible.