
406 points vk6 | 1 comments
Etheryte ◴[] No.41867389[source]
Given the severity, I can't help but feel that this is underpaid at the scale Google is at. Chrome is so ubiquitous and vulnerabilities like these could hit hard. Last thing they need to do is to send the signal that it's better to sell these on the black market.
TheDong ◴[] No.41867499[source]
If you can trick someone into installing a malicious extension with arbitrary permissions, you can already run arbitrary code on every webpage they visit, including their logged-in bank, social media, etc.

You think an attacker is right now thinking "Man, I know exactly how to make a lot of victims install an extension, but I can only steal their Coinbase wallet and bank accounts, if only there was a way I could run calc.exe on their machine too..."? Who's going to pay more than $20k to upgrade from "steal all their money" to "steal all their money and run calc.exe"?

1. beng-nl ◴[] No.41867738[source]
I actually think escaping the browser is a huge leap and frequently a primary goal for a black hat. E.g., someone trying to install ransomware, or a spy targeting a specific person or org.

From outside the browser they can exploit kernel bugs to elevate their privilege; and they can probe the network to attempt to move laterally in the org.

So while I think your comment is thoughtful, its thoughtfulness made me think of agreeing with the opposite :-)