
Issue 160559

Starred by 6 users

Issue metadata

Status: Fixed
Owner:
Closed: Nov 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

Restricted
  • Only users with Commit permission may comment.




chrome continuously crashes

Project Member Reported by kareng@google.com, Nov 12 2012

Issue description

Version: 23.0.1271.64 - current stable channel
OS: windows 2003

This appears to be a combination of Citrix and Windows 2003. After updating to 23 on the stable channel all instances crash. 

 

Comment 1 by kareng@google.com, Nov 12 2012

Labels: Merge-Merged
This was due to some hard failures around enabling mitigations. Justin's landed the fix to M23 and it will go out in the next stable update.

Comment 3 by jsc...@chromium.org, Nov 12 2012

Status: Fixed
Labels: Hotlist-ConOps
And when will this next stable update happen? Or should it be called beta instead of stable... Thousands of people using old OSes are affected by this buggy 23.0.1271.64. A week has passed already, do something!
@zapadinsky, this issue is specific to Citrix and Windows 2003. If you are experiencing crashes on a different OS, you are likely seeing a different issue. Can you start a new issue and provide more details about the specific crash that you are seeing?
I am experiencing this issue on windows 2003 terminal server WITHOUT citrix.
Take a look here https://productforums.google.com/forum/m/#!msg/chrome/QEBouUfnBgY/odhd1k-6HnsJ only a few of those guys have Citrix. Should I open an issue if it is already fixed? Just want to let you know that all 2003 server users are affected.

Comment 9 by kareng@google.com, Nov 13 2012

Justin says his fix is not Citrix specific and should fix your problem too, as long as you're on Win 2003.
It's not necessarily specific to Citrix. Do you mind checking in C:\boot.ini to see if it contains this line: /noexecute=AlwaysOff

Comment 11 Deleted

I have a key /execute which is identical to /noexecute=AlwaysOff. Canary build works fine on my system. When will the new update for the stable branch be released?
So, that's the problem. Windows 2k3 shows DEP as being supported, but that switch prevents it from being enabled. So, the sandbox refuses to start due to the DEP failure. The difference in canary is that I let it ignore the DEP failure on versions prior to Vista (because of a minority of cases like this). I've backported that change to Chrome 23, and it should ship in a few weeks.

In the interim, everything should work if you remove "/execute" and/or "/noexecute=AlwaysOff" in boot.ini and replace it with "/noexecute=OptIn". However, I don't know why those boot.ini switches were changed in the first place. It's possible some installer added them for compatibility reasons (although it may not be needed anymore).

@jschuh one can disable DEP on Win 7 too. Also one can disable DEP only for Chrome. Why are you stopping process initialization in this case?
@jschuh is it an unrecoverable error? It is a bad practice to raise IPE when you can continue execution.
The sandbox provides security guarantees based on what the OS can support. If those guarantees cannot be honored the sandbox terminates. That's always been the design of the sandbox, and the change in Chrome 23 is to just include more OS mitigations in the sandbox policy.

As for DEP specifically, it is a critical security measure in Windows, and disabling it system-wide will dramatically compromise the security of the entire OS. There are some legitimate reasons to do this on legacy OS versions like Win 2k3, which is why we will soon release a patch that silently ignores the failure for those versions. However, there's no legitimate reason to disable DEP system-wide in production systems running Vista or later. Doing so compromises the security of the system to such an extent that it's reasonable to just run Chrome with the --no-sandbox switch, because then the user will at least be notified at startup that the browser cannot be run in a trustworthy mode.

Comment 17 Deleted

@jschuh all these carefree or just brave users who disabled DEP in Win7 will see "aw snap" with absolutely no hint of how to deal with it. You definitely should have a legitimate reason to put users in such trouble.

One should raise an internal program error only if there is an unrecoverable error in an execution flow, like division by zero. Enabling DEP in the sandbox is already some level of paranoia and it is safe to ignore this error. So you did the patch for just pre-Vista OSes; I recommend you propagate it to the rest of the OSes. Please don't take it personally, just fix it.

Comment 19 Deleted

@jschuh also why didn't you even bother to call GetSystemDEPPolicy?
Sorry for the confusion, to state it more simply, Chrome does not support running without DEP on systems that reliably support it (e.g. Windows Vista and above). This is similar to how Chrome does not support running in an improperly configured job object, or when MAC restrictions cannot be applied. That is because the sandbox must provide certain security guarantees, and that's not possible when the basic security of the OS has been compromised by misconfiguration. You still have the option to run Chrome without the sandbox enabled (--no-sandbox) in these scenarios, and in that case it will inform you at launch of the security risk.
@jschuh a good decision would be to test GetSystemDEPPolicy at startup, show a warning to the user (like the one with no-sandbox) if DEP is disabled system wide, and run the sandbox without DEP. Agree?
What you did is crash the initialization and not allow the user to find any hint about what to do next; he can't even click on the link "try this suggestion" on the aw snap page.
You made a horrible decision. Also you have recently lowered restrictions for pre-Vista systems, also with no warning to the user that his system is under threat.
Also you should explain the problem in comments in the sources. You write a comment "DEP support is quirky on XP"; it is not true and does not enlighten the problem.

Comment 23 by joh...@gmail.com, Nov 17 2012

I'll chime in here.
I am running XP SP 2, with the /noexecute=allwaysoff boot.ini switch.
I am on an Intel Pentium M Toshiba laptop.
(I still use programs that require it set that way.)

This was my first installation of Chrome. What a bad decision.

It appears Google took some shortcuts... 
1. Chrome provided me with a generic error message.
2. The message was useless/clueless to find out why chrome didn't work.
The only way I was able to find others with the problem was to search:
chrome 23.0.1271.64
There I found Sie Deen linking to this thread.

jsc said "Chrome does not support running without DEP on systems that reliably support it (e.g. Windows Vista and above)."

Bad choice Genius. Your web browser is just not that important a piece of software to make system wide changes for it to run.

It should not require one specific set of boot time options.
Apparently XP does know how to turn DEP on and off...

I appreciate the lack of concern shown for my time... and countless others "out there"
Fix the program... you can make two separate downloads.
23.0.1271.64.dep and 23.0.1271.64.nodep

@johnrw there is no need to make separate downloads. It could just show a warning and keep running. Justin made this bug by mistake; obviously he didn't know that DEP could be disabled system wide and couldn't predict that his fixes would crash the stable branch. He already made a crutch that fixes the issue on XP, so don't worry. The question is why he is acting like a bad politician and won't rewrite the code well. And why the hell this issue is not read by his boss.
Labels: Restrict-AddIssueComment-Commit
I've closed this issue for comment because the most recent comments are misleading and disruptive. To ensure that anyone landing here gets the correct answer: Chrome 23 will be updated very soon to support running without DEP on Windows versions prior to Vista. Canary, dev, and beta channels already allow this, but the support was unintentionally left out of the initial release of Chrome 23.

If you are one of the small number of users with an older, non-standard Windows configuration affected by this issue, there are two potential workarounds. The first (and recommended solution) is to ensure that your C:\boot.ini file does not contain a line including "/noexecute=alwaysoff" or "/execute". By default, these values should not be set and the system will use opt-in DEP, but the values may have been added manually, by software installers (often erroneously), or by malware. In the very unlikely event that you must run your system with DEP disabled, then you can run Chrome with the --no-sandbox switch (although this is not an officially supported configuration).

For users of Windows Vista and later, DEP is a *critical* security measure and an explicit requirement for Chrome. If you manually disable DEP (or any number of other security features required by the sandbox) Chrome will fail to start properly. For those curious as to why DEP is not required by Chrome on earlier versions of Windows, the reasons are:
* DEP is dramatically less effective without ASLR (which requires Vista or later).
* DEP hardware support is not guaranteed on earlier versions of Windows.
* Key OS libraries and services have spotty support for DEP on earlier versions of Windows.
* DEP may be disabled on earlier versions of Windows due to past misconceptions about application compatibility and performance.
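
Added example (not part of the original issue thread and not Chromium code): a small Python check for the boot.ini condition described in the closing comment above. It scans the `[operating systems]` section and flags every boot entry carrying `/execute` or `/noexecute=AlwaysOff`; the sample file contents and all function names are constructed for illustration.

```python
import re
import sys

# Constructed sample boot.ini covering the switch variants mentioned in this thread.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /NoExecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Legacy apps" /fastdetect /execute
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Test" /noexecute=OptIn /fastdetect
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Plain" /fastdetect
'''

# A boot entry looks like: <ARC path>="<description>" <switches>
ENTRY_RE = re.compile(r'^(?P<path>[^="]+)="(?P<name>[^"]*)"(?P<opts>.*)$')

def dep_policy(switches):
    """Return (policy, dep_disabled) for one boot entry's switch string."""
    policy, disabled = "default (no DEP switch)", False
    for tok in switches.split():
        key, _, value = tok.lower().partition("=")  # switches are case-insensitive
        if key == "/execute":
            policy, disabled = "/execute", True
        elif key == "/noexecute":
            policy = "/noexecute=" + value
            # Conservative: once a disabling switch is seen, keep the entry flagged.
            disabled = disabled or value == "alwaysoff"
    return policy, disabled

def audit_boot_ini(text):
    """Return [(entry name, policy, dep_disabled)] for every boot entry."""
    results, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        m = ENTRY_RE.match(line) if in_os else None
        if m:
            results.append((m.group("name"),) + dep_policy(m.group("opts")))
    return results

if __name__ == "__main__":
    # Pass a path such as C:\boot.ini; without one the constructed sample is audited.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BOOT_INI
    for name, policy, disabled in audit_boot_ini(text):
        print(("DEP DISABLED " if disabled else "ok           ") + name + ": " + policy)
```

Entries reported as disabled are the ones the workaround above says to change to `/noexecute=OptIn`.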

Cc: jsc...@chromium.org rvargas@chromium.org
 Issue 161743  has been merged into this issue.
Project Member

Comment 30 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Area-Internals Cr-Internals
