Escaping the Chrome Sandbox Through DevTools

(ading.dev)

406 points vk6 | 1 comments | 17 Oct 24 05:55 UTC | HN request time: 0.225s | source

Show context

Etheryte ◴[17 Oct 24 07:57 UTC] No.41867389[source]▶

Given the severity, I can't help but feel that this is underpaid at the scale Google is at. Chrome is so ubiquitous and vulnerabilities like these could hit hard. Last thing they need to do is to send the signal that it's better to sell these on the black market.

replies(9): >>41867499 #>>41867548 #>>41867653 #>>41867666 #>>41867873 #>>41868146 #>>41868628 #>>41868995 #>>41869073 #

alkonaut ◴[17 Oct 24 08:53 UTC] No.41867666[source]▶

>>41867389 #

If it had worked for Chrome it should (and maybe would) have been a lot higher. Also: doesn't it use an extension?

I was under the impression that extensions were un-sandboxed and basically just executables I trust to run with the same privilege as the browser itself (which is a lot, at least under windows).

replies(1): >>41867763 #

1. Etheryte ◴[17 Oct 24 09:08 UTC] No.41867763[source]▶

>>41867666 #

No, extensions are tied to the browser sandbox and they also have to specify their permissions beforehand. They can request fairly wide permissions inside the browser sandbox, yes, but they have to explicitly list the permissions they require in the manifest and the browser will ask you if you're fine with those before installing. Outside of the browser itself, the extensions can't do pretty much anything outside of sending messages to applications that explicitly register to receive them from them.

↑