406 points vk6 | 1 comments
Etheryte No.41867389
Given the severity, I can't help but feel that this is underpaid at the scale Google is at. Chrome is so ubiquitous and vulnerabilities like these could hit hard. Last thing they need to do is to send the signal that it's better to sell these on the black market.
TheDong No.41867499
If you can trick someone into installing a malicious extension with arbitrary permissions, you can already run arbitrary code on every webpage they visit, including their logged-in bank, social media, etc.

You think an attacker is right now thinking "Man, I know exactly how to make a lot of victims install an extension, but I can only steal their Coinbase wallet and bank accounts, if only there was a way I could run calc.exe on their machine too..."? Who's going to pay more than $20k to upgrade from "steal all their money" to "steal all their money and run calc.exe"?

grokkedit No.41867676
That's not entirely true: if you look at the manifest on the GitHub repo you can see that it only requires the `tab` permission, which, when installed, will make the extension seem quite safe, since it should not have access to the content of your pages.