Escaping the Chrome Sandbox Through DevTools

(ading.dev)

406 points vk6 | 1 comments | 17 Oct 24 05:55 UTC | HN request time: 0.205s | source

Show context

Etheryte ◴[17 Oct 24 07:57 UTC] No.41867389[source]▶

Given the severity, I can't help but feel that this is underpaid at the scale Google is at. Chrome is so ubiquitous and vulnerabilities like these could hit hard. Last thing they need to do is to send the signal that it's better to sell these on the black market.

replies(9): >>41867499 #>>41867548 #>>41867653 #>>41867666 #>>41867873 #>>41868146 #>>41868628 #>>41868995 #>>41869073 #

TheDong ◴[17 Oct 24 08:18 UTC] No.41867499[source]▶

>>41867389 #

If you can trick someone into installing a malicious extension with arbitrary permissions, you can already run arbitrary code on every webpage they visit, including their logged in bank, social media, etc.

You think an attacker is right now thinking "Man, I know exactly how to make a lot of victims install an extension, but I can only steal their coinbase wallet and bank accounts, if only there was a way I could run calc.exe on their machine too..." who's going to pay more than $20k to upgrade from "steal all their money" to "steal all their money and run calc.exe"?

replies(5): >>41867676 #>>41867738 #>>41867770 #>>41868097 #>>41868626 #

1. TeMPOraL ◴[17 Oct 24 10:11 UTC] No.41868097[source]▶

>>41867499 #

No, "calc.exe upgrade" is definitely worth more than $20k to criminals, as it's a huge qualitative jump in capabilities. A full-privileged browser extension can only mess with things you actively visit in your browser. But give it "calc.exe privileges", and it now can mess with anything that touches your computer, with or without your involvement. Private keys on your hard drive, photos on your phone that you plugged in via USB to transfer something, IoT devices on your LAN - all are fair game. And so many, many other things.

↑