←back to thread

Escaping the Chrome Sandbox Through DevTools

(ading.dev)
406 points vk6 | 6 comments | 17 Oct 24 05:55 UTC | HN request time: 0.386s | source | bottom
Show context
Etheryte ◴[17 Oct 24 07:57 UTC] No.41867389[source]
Given the severity, I can't help but feel that this is underpaid at the scale Google is at. Chrome is so ubiquitous and vulnerabilities like these could hit hard. Last thing they need to do is to send the signal that it's better to sell these on the black market.
replies(9): >>41867499 #>>41867548 #>>41867653 #>>41867666 #>>41867873 #>>41868146 #>>41868628 #>>41868995 #>>41869073 #
1. faangguyindia ◴[17 Oct 24 11:35 UTC] No.41868628[source]
Chrome needs to be rewritten in Rust asap
replies(4): >>41869138 #>>41869301 #>>41871064 #>>41873446 #
2. z3phyr ◴[17 Oct 24 12:44 UTC] No.41869138[source]
Malwares are going to be written in rust; What difference does it make? Also Its not memory based vulnerability but policy based vulnerability.
replies(1): >>41870157 #
3. gsck ◴[17 Oct 24 13:06 UTC] No.41869301[source]
No it doesn't? This has nothing to do with memory safety. Its a logical error, which Rust physically cannot prevent.
4. echoangle ◴[17 Oct 24 14:45 UTC] No.41870157[source]
But at least the vulnerability would be blazingly fast
5. j0hnyl ◴[17 Oct 24 16:17 UTC] No.41871064[source]
Did you even read the post?
6. kernal ◴[17 Oct 24 20:29 UTC] No.41873446[source]
This had nothing to do with Chrome, but rather Chromium.

>Considering that I'm using plain Chromium and not the branded Google Chrome, the channel will always be Channel::UNKNOWN. This also means that, unfortunately, the bug will not work on stable builds of Google Chrome since the release channel is set to the proper value there.