search

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0
13.62k stars 1.52k forks source link

CredentialUIBroker.exe freezing while accessing Brave Browser password manager #3863

Open pulsarclarinetokrabee opened 5 months ago

pulsarclarinetokrabee commented 5 months ago

Describe what you noticed and did

  1. Open Brave sandboxed
  2. Open the Password manager (brave://password-manager/passwords)
  3. Click add, then create an arbitrary password entry and save it
  4. Click on the newly created entry, a Windows Safety dialog (CredentialUIBroker) should open asking for authentication
  5. Upon clicking OK or trying to close the window, the dialog will freeze. Thus the editing the saved Brave passwords is not possible. The CredentialUIBroker has to be force closed

How often did you encounter it so far?

Always

Expected behavior

The authentication should behave the same as an unsandboxed Brave session.

Affected program

Brave Browser Version 1.65.123 Chromium: 124.0.6367.91 (Official Build) (64-bit)

Download link

https://laptop-updates.brave.com/download/BRV002?bitness=64

Where is the program located?

The program is installed only outside the sandbox.

Did the program or any related process close unexpectedly?

Yes, it did, but no .dmp file has been created in the system.

Crash dump

No response

What version of Sandboxie are you running now?

Sandboxie Plus 1.13.3

Is it a new installation of Sandboxie?

I have been using the same version for some time.

Is it a regression from previous versions?

Unknown. On Previous versions of Brave and Sandboxie it used to work, however it has been too long to pin point when the problem first started.

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 11 Pro 23H2 64bit

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

none

Did you previously enable some security policy settings outside Sandboxie?

No

Trace log

No response

Sandboxie.ini configuration

[GlobalSettings]

Template=LogitechSetPoint
Template=Edge_Fix
Template=7zipShellEx
Template=WindowsRasMan
Template=SynapticsTouchPad
FileRootPath=T:\Sandbox\%SANDBOX%
ProcessGroup=<Customlibreoffice_DefaultBox>,libreofficewriterportable.exe,libreofficeportable.exe,soffice.exe,soffice.bin
EditAdminOnly=y
ForceDisableAdminOnly=y
ForceDisableSeconds=5901
TemplateReject=OfficeLicensing
TemplateReject=WindowsLive
TemplateReject=ObjectDock
ActivationPrompt=n
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
DefaultBox=Temporary

[Temporary]
Enabled=y
FileRootPath=R:\Sandbox\%SANDBOX%
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#02f6f6,off,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
BlockInterferePower=n
ForceProtectionOnMount=n
DropAdminRights=y
IsProtectScreen=n
IsBlockCapture=n
DblClickAction=!browse
ClosePrintSpooler=y
BoxNameTitle=y
offhub commented 5 months ago

I can't reproduce this problem on Windows 11 23H2 (Hyper-V) or Windows 10 22H2. Please try with the latest release version.

https://github.com/sandboxie-plus/Sandboxie/assets/6871698/57393e1d-d545-441f-a29e-d25d3cbd82a7

pulsarclarinetokrabee commented 5 months ago

With version 1.13.7 the problem remains. Other than setting up the whole computer from scratch there aren't any other ways I can think of to find the cause.

offhub commented 5 months ago

Try using older versions and see if it works. v1.12.9 v1.11.4

pulsarclarinetokrabee commented 5 months ago

Tried v1.11.4 and went as far back as v.1.6.4. No change.

NewKidOnTheBlock commented 3 months ago

@pulsarclarinetokrabee Hey, this seems to be a duplicate of https://github.com/sandboxie-plus/Sandboxie/issues/3986 Try the suggested workaround: FakeAdminRights=CredentialUIBroker.exe,n

pulsarclarinetokrabee commented 3 months ago

Thanks for the suggestion, however I cannot confirm these two issues to be identical.

  1. FakeAdminRights were not enabled for the Sandbox to begin with, and adding the exclusion manually has no effect.
  2. The CredentialUIBroker process is not crashing instantly, the dialog window freezes after attempting to authenticate.

After Firefox added a similar feature recently I can observe the same behavior there. Making the issue not exclusive to Brave.

https://www.mozilla.org/en-US/firefox/127.0/releasenotes/

For added protection on MacOS and Windows, a device sign in (e.g. your operating system password, fingerprint, face or voice login if enabled) can be required when accessing and filling stored passwords in the Firefox Password Manager about:logins page.

offhub commented 3 months ago

For Firefox:

FakeAdminRights=firefox.exe,n