Windows: Update cef_sandbox mitigations to match Chromium

This commit is contained in:
Marshall Greenblatt 2020-03-04 15:58:12 -05:00
parent 06a5ef3cd8
commit 4291776473
1 changed files with 5 additions and 1 deletions

View File

@ -17,7 +17,11 @@ void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo* info) {
} else { } else {
// Ensure the proper mitigations are enforced for the browser process. // Ensure the proper mitigations are enforced for the browser process.
sandbox::ApplyProcessMitigationsToCurrentProcess( sandbox::ApplyProcessMitigationsToCurrentProcess(
sandbox::MITIGATION_DEP | sandbox::MITIGATION_DEP_NO_ATL_THUNK); sandbox::MITIGATION_DEP | sandbox::MITIGATION_DEP_NO_ATL_THUNK |
sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY);
// Note: these mitigations are "post-startup". Some mitigations that need
// to be enabled sooner (e.g. MITIGATION_EXTENSION_POINT_DISABLE) are done
// so in Chrome_ELF.
} }
} }